Updated on 2026-01-16 GMT+08:00

Managing Bucket Policies

Besides bucket ACLs, bucket owners can use bucket policies to centrally control access to buckets and objects in buckets.

Setting a Bucket Policy

You can call ObsClient.setBucketPolicy to set a bucket policy. Sample code is as follows:

// Hard-coded or plaintext AK/SK are risky. For security purposes, encrypt your AK/SK and store them in the configuration file or environment variables. In this example, the AK/SK are stored in environment variables for identity authentication. Before running this example, configure environment variables ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID.
// Obtain an AK/SK pair on the management console.
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// Create an ObsClient instance.
ObsClient obsClient = new ObsClient(ak, sk, endPoint);
obsClient.setBucketPolicy("bucketname", "your policy");

For details about the format (JSON character string) of bucket policies, see the Object Storage Service API Reference.

Obtaining a Bucket Policy

You can call ObsClient.getBucketPolicy to obtain a bucket policy. Sample code is as follows:

// Hard-coded or plaintext AK/SK are risky. For security purposes, encrypt your AK/SK and store them in the configuration file or environment variables. In this example, the AK/SK are stored in environment variables for identity authentication. Before running this example, configure environment variables ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID.
// Obtain an AK/SK pair on the management console.
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// Create an ObsClient instance.
ObsClient obsClient = new ObsClient(ak, sk, endPoint);

String policy = obsClient.getBucketPolicy("bucketname");
Log.i("GetBucketPolicy","\t" + policy);

Deleting a Bucket Policy

You can call ObsClient.deleteBucketPolicy to delete a bucket policy. Sample code is as follows:

// Hard-coded or plaintext AK/SK are risky. For security purposes, encrypt your AK/SK and store them in the configuration file or environment variables. In this example, the AK/SK are stored in environment variables for identity authentication. Before running this example, configure environment variables ACCESS_KEY_ID and SECRET_ACCESS_KEY_ID.
// Obtain an AK/SK pair on the management console.
String ak = System.getenv("ACCESS_KEY_ID");
String sk = System.getenv("SECRET_ACCESS_KEY_ID");
String endPoint = "https://your-endpoint";
// Create an ObsClient instance.
ObsClient obsClient = new ObsClient(ak, sk, endPoint);

obsClient.deleteBucketPolicy("bucketname");