This section describes how to set the bucket permission policies.
Prerequisites
- The object service has been enabled in the system and uses POE authentication instead of IAM authentication.
- The object protocol has been enabled.
- The access key of an account is in Activated status.
Procedure
- Choose Resources > Resources > Namespace.
- Select a desired account from the Account drop-down list in the upper left corner.
- Click the name of the desired namespace, click the Protocol tab, and select Object.
- Manage bucket policies, including creating, modifying, and deleting bucket policies.
- Creating a bucket policy
- Click Create Bucket Policy.
The Create Bucket Policy dialog box is displayed.
- Configure bucket parameters. Table 1 describes related parameters.
Table 1 Bucket policy parameters Parameter
Description
Policy Mode
Mode of the bucket policy. Possible options are:
- Read-only
Authorized users can read bucket resources.
- Read and Write
Authorized users can read and write bucket resources. Specifically, buckets can be read, and objects in buckets can be read and written.
NOTE:Only one bucket policy mode can be configured at a time.
Authorized User
User on which the bucket policy takes effect. Possible options are:
- Inclusive
The bucket policy takes effect for specified users.
- Exclusive
The bucket policy takes effect for other users except specified users.
- Current Account
The bucket policy takes effect for users of the current account.
- Another Account
The bucket policy takes effect for users of another account.
Account ID
ID of the account to which specified users belong.
NOTE:This parameter is valid only when Authorized User is set to Another Account.
Username
User name of a specified user.
NOTE:- When the authorized user is Current Account, click Select to select the user of the current account.
- When the authorized user is Another Account, if this parameter is left blank, the policy takes effect for the account. If you specify a username, the policy takes effect for the specified user. You can specify multiple usernames separated with semicolons (;).
Bucket Resource
Resources to which the bucket policy applies. Possible options are as follows:
- Inclusive
The bucket policy takes effect on specified resources.
- Exclusive
The bucket policy takes effect on other resources except specified resources.
[Value range]
The value is an object or object set. You can click Add to add more bucket resources.
The value format is:
Object: object name
Object set: Object name prefix + wildcard (*), wildcard (*) + object name suffix, or wildcard (*)
- Read-only
- Click OK.
- Click Create Bucket Policy.
- Modifying a bucket policy
- Click More on the right of a desired bucket policy and select Modify.
The Modify Bucket Policy page is displayed.
- Modify bucket parameters. Table 1 describes related parameters.
- Click OK.
- Click More on the right of a desired bucket policy and select Modify.
- Deleting a bucket policy
- Click More on the right of a desired bucket policy and select Delete.
- Confirm your operation as prompted.
- Creating a bucket policy
- Click Close.
If the bucket permission conflicts with the bucket policy, the bucket policy takes effect.