Help Center > Object Storage Service > API Reference > Access Control > Using ACLs and Bucket Policies Simultaneously

Using ACLs and Bucket Policies Simultaneously

An ACL and a bucket policy are used at the same time. If the ACL allows an account while the bucket policy denies the account, the authorization result complies with the bucket policy.

If a bucket policy and an IAM policy are applied to an account together, an explicit deny overrides allows, and an allow overrides default denies.

Cross-tenant authorized access cannot be implemented for SSE-KMS-encrypted objects using bucket ACL or policy.

Registration