Updated on 2026-03-06 GMT+08:00

Obtaining the Public Access Block Configuration of a Bucket

Functions

This API returns the public access block configuration of an OBS bucket.

To perform this operation, you must have the GetBucketPublicAccessBlock permission. The bucket owner can perform this operation by default and can grant this permission to others by using a bucket policy or a user policy.

Authorization Information

To call this API, you must be the bucket owner or have the permission to obtain the public access block configuration of a bucket. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.

  • If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
    • If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:bucket:GetBucketPublicAccessBlock permission. For details, see Creating a Custom IAM Policy.
    • If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:bucket:getBucketPublicAccessBlock permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.

      Action

      Access Level

      Resource Type (*: Required)

      Condition Key

      Alias

      Dependencies

      obs:bucket:getBucketPublicAccessBlock

      Read

      bucket *

      -

      -

      -

      • obs:EpochTime
      • obs:SourceIp
      • obs:TlsVersion
      • obs:CustomDomain
  • If you use bucket policies for authorization, you need to grant the obs:bucket:GetBucketPublicAccessBlock permission. For details, see Creating a Custom Bucket Policy.

Request Syntax

GET /?publicAccessBlock HTTP/1.1
Host: bucketname.obs.region.myhuaweicloud.com 
Date: date
Authorization: authorization
Content-Type: application/xml
Content-Length: length

Request Parameters

This request contains no parameters.

Request Headers

This request uses common headers. For details, see Table 3.

Request Elements

The request contains no elements.

Response Syntax

HTTP/1.1 status_code
Date: date
x-obs-request-id: 000001934E7A99E2530672D3A3903140
x-obs-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA
Content-Length: length

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PublicAccessBlockConfiguration xmlns="http://obs.myhwclouds.com/doc/2015-06-30/">
  <BlockPublicAcls>boolean</BlockPublicAcls>
  <IgnorePublicAcls>boolean</IgnorePublicAcls>
  <BlockPublicPolicy>boolean</BlockPublicPolicy>
  <RestrictPublicBuckets>boolean</RestrictPublicBuckets>
</PublicAccessBlockConfiguration>

Response Headers

This response uses common headers. For details, see Table 1.

Response Elements

The response contains elements specifying the public access block configuration of an OBS bucket. Table 1 describes these elements.

Table 1 Response Elements

Element | Type | Description

PublicAccessBlockConfiguration | XML

Definition:

The public access block configuration of a bucket.

BlockPublicAcls | Boolean

Definition:

Whether to prohibit specifying the ACL as public access to a bucket or objects in the bucket. If the parameter is set to true, the following applies:

  • If you specify an ACL as public access when uploading an object, the object fails to be uploaded and the error "403 Access Denied" is returned.
  • If you specify an ACL as public access when modifying a bucket ACL or an object ACL, the ACL fails to be modified and the error "403 Access Denied" is returned.

Range:

  • true: This feature is enabled.
  • false: This feature is disabled.

IgnorePublicAcls | Boolean

Definition:

Whether to ignore the existing ACL that allows public access to the bucket or objects in the bucket. If this parameter is set to true, the public access ACL of the bucket or objects in the bucket becomes invalid.

Range:

  • true: This feature is enabled.
  • false: This feature is disabled.

BlockPublicPolicy | Boolean

Definition:

Whether to prohibit the configuration of a bucket policy that allows public access to a bucket. If this parameter is set to true, such a bucket policy will fail to be configured and the error "403 Access Denied" will be returned.

Range:

  • true: This feature is enabled.
  • false: This feature is disabled.

RestrictPublicBuckets | Boolean

Definition:

Whether to restrict the existing public bucket policy. If this parameter is set to true and the existing bucket policy allows public access, only the cloud service and bucket owner accounts are allowed to access the bucket.

Range:

  • true: This feature is enabled.
  • false: This feature is disabled.

Error Responses

Table 2 describes possible special errors in this request.

Table 2 Error Responses

Error | Description | HTTP Status Code

MethodNotAllowed | The involved method is not allowed (the corresponding feature is disabled). | 405

For other errors, see Table 2.

Sample Request

GET /?publicAccessBlock HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.myhuaweicloud.com
Accept: */*
Date: Sat, 16 Nov 2024 08:59:07 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw=

Sample Response

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016435CE298386946AE4C482
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz
Date: Sat, 16 Nov 2024 08:59:08 GMT
Content-Length: 348

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PublicAccessBlockConfiguration xmlns="http://obs.myhwclouds.com/doc/2015-06-30/">
  <BlockPublicAcls>false</BlockPublicAcls>
  <IgnorePublicAcls>false</IgnorePublicAcls>
  <BlockPublicPolicy>false</BlockPublicPolicy>
  <RestrictPublicBuckets>false</RestrictPublicBuckets>
</PublicAccessBlockConfiguration>
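
Auditing the Response (Added Example)

The following Python code is an added example, not part of the OBS documentation or SDK. It parses the response body of this API and lists every setting that is not enabled, using the meanings given in the Response Elements table. The function names, and the choice to report a missing or non-boolean element as a finding, are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Namespace taken from the response syntax on this page.
OBS_NS = "http://obs.myhwclouds.com/doc/2015-06-30/"
# What remains possible while each setting is false, per the Response Elements table.
SETTINGS = {
    "BlockPublicAcls": "public ACLs can still be set on the bucket or its objects",
    "IgnorePublicAcls": "existing public ACLs remain valid",
    "BlockPublicPolicy": "a bucket policy allowing public access can be configured",
    "RestrictPublicBuckets": "an existing public bucket policy is not restricted",
}

def parse_public_access_block(body):
    """Return {setting: True/False/None}; None means missing or not a boolean."""
    root = ET.fromstring(body)
    if root.tag != f"{{{OBS_NS}}}PublicAccessBlockConfiguration":
        raise ValueError(f"unexpected root element: {root.tag}")
    result = {}
    for name in SETTINGS:
        text = (root.findtext(f"{{{OBS_NS}}}{name}") or "").strip().lower()
        result[name] = {"true": True, "false": False}.get(text)
    return result

def audit(status, body):
    """Return a list of findings for one GET /?publicAccessBlock response."""
    if status == 405:
        return ["MethodNotAllowed (405): the corresponding feature is disabled"]
    if status != 200:
        return [f"HTTP {status}: configuration could not be read"]
    findings = []
    for name, value in parse_public_access_block(body).items():
        if value is None:  # assumption of this example: report, do not guess
            findings.append(f"{name}: missing or not a boolean")
        elif not value:
            findings.append(f"{name}=false: {SETTINGS[name]}")
    return findings

# Body of the sample response on this page.
SAMPLE_BODY = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PublicAccessBlockConfiguration xmlns="http://obs.myhwclouds.com/doc/2015-06-30/">
  <BlockPublicAcls>false</BlockPublicAcls>
  <IgnorePublicAcls>false</IgnorePublicAcls>
  <BlockPublicPolicy>false</BlockPublicPolicy>
  <RestrictPublicBuckets>false</RestrictPublicBuckets>
</PublicAccessBlockConfiguration>"""
# Constructed variant with every setting enabled.
HARDENED_BODY = SAMPLE_BODY.replace(b">false<", b">true<")

if __name__ == "__main__":
    print("\n".join(audit(200, SAMPLE_BODY)))
```

For the sample response above, all four settings are reported because each is false; an empty list means every setting is enabled.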