Managing the Bucket Permission

Prerequisites

You have obtained the access certificate and security certificate of an activated account.

Procedure

1. Choose Services > Object Service > Account.
2. Click the name of the desired account and select the Bucket tab.
3. Enter the access certificate and security certificate of the account and click Authenticate.
   

   You can perform authentication on either of the Bucket or User tab page.

4. Click More on the right of the desired bucket and select Manage Permission.

   The Manage Permission page is displayed.

5. Set a bucket permission policy. Standard bucket policies are Private, Public Read, and Public Read and Write.
   • Private

     The owner of the bucket has full control of the bucket. Other users cannot access the bucket without authorization.

   • Public Read

     All users can read objects in the bucket, and only the bucket owner has the write permission.

   • Public Read and Write

     All users can read, write, or delete objects in the bucket.

     

     For data security, you are advised to select Private.

6. Set the advanced bucket policy, including creating, modifying, and deleting the bucket.
   • Creating the advanced bucket policy
     1. Click Create Bucket Policy.

        The Create Bucket Policy dialog box is displayed.

     2. Configure bucket parameters. Table 1 describes related parameters.

        Table 1 Bucket policy parameters

        Parameter	Description
        Policy Mode	Indicates the mode of the bucket policy. Possible options are as follows: Read-only Authorized users can read bucket resources. Read and Write Authorized users can read and write bucket resources. NOTE: Only one policy mode can be configured at a time.
        Authorized User	User on which the bucket policy takes effect. Possible options are as follows: Inclusive The bucket policy takes effect for specified users. Exclusive The bucket policy takes effect for other users except specified users. Current Account The specified user is the current user that has been authenticated. Another Account The specified user is a user of another account.
        Account ID	Indicates the account ID of the specified user. NOTE: This parameter is valid only when Authorized User is set to Another Account.
        Username	Indicates the user name of the specified user. NOTE: When Authorized User is set to Current Account, click Select and select a user of the current account. When Authorized User is set to Another Account, enter the user name of another account.
        Bucket Resource	Indicates the resources that the bucket policy applies to. Possible options are as follows: Inclusive The bucket policy takes effect on specified resources. Exclusive The bucket policy takes effect on other resources except specified resources. [Value range] The value is an object or object set, and the format is as follows: Object: object name Object set: prefix of the object name + wildcard (*), wildcard (*) + suffix of the object name, or wildcard (*). NOTE: For a file bucket, a bucket policy only supports taking effect on the entire bucket and does not support taking effect on specific objects in the bucket. Enter a wildcard (*) to indicate the entire bucket.

     3. Click OK.
   • Modifying the advanced bucket policy
     1. Click More on the right of the desired bucket policy and select Modify.

        The Modify Bucket page is displayed.

     2. Configure bucket parameters. Table 2 describes related parameters.

        Table 2 Advanced bucket policy parameters

        Parameter	Description
        Policy Mode	Indicates the mode of the bucket policy. Possible options are as follows: Read-only Authorized users can read bucket resources. Read and Write Authorized users can read and write bucket resources. NOTE: Only one policy mode can be configured at a time.
        Authorized User	Indicates the user on which the bucket policy takes effect. Possible options are as follows: Inclusive The bucket policy takes effect for specified users. Exclusive The bucket policy takes effect for other users except specified users. Current Account The specified user is the current user that has been authenticated. Another Account The specified user is a user of another account.
        Account ID	Indicates the account ID of the specified user. NOTE: This parameter is valid only when Authorized User is set to Another Account.
        Username	Indicates the user name of the specified user. NOTE: When Authorized User is set to Current Account, click Select and select a user of the current account. When Authorized User is set to Another Account, enter the user name of another account.
        Bucket Resource	Indicates the resources that the bucket policy applies to. Possible options are as follows: Inclusive The bucket policy takes effect on specified resources. Exclusive The bucket policy takes effect on other resources except specified resources. [Value range] The value is an object or object set, and the format is as follows: Object: object name Object set: prefix of the object name + wildcard (*), wildcard (*) + suffix of the object name, or wildcard (*). NOTE: For a file bucket, a bucket policy only supports taking effect on the entire bucket and does not support taking effect on specific objects in the bucket. Enter a wildcard (*) to indicate the entire bucket.

     3. Click OK.
   • Deleting the advanced bucket policy
     1. Click More on the right of the desired bucket policy and select Delete.
     2. Confirm your operation as prompted.

7. Click Close.
   

   If the standard bucket policy conflicts with the advanced bucket policy, the advanced bucket policy prevails.