Bucket Policy

A bucket owner can write a bucket policy to control access to the bucket.

Bucket policies provide centralized access control over buckets and objects based on a variety of conditions, including OBS operations, requesters, resources, and aspects of the request (for example, IP addresses). The permissions attached to a bucket apply to all of the objects in that bucket.

Individuals as well as enterprises can use bucket policies. When an enterprise registers with OBS, it creates an account. The account can create users for the enterprise's employees and grant different permissions to each user. The account is financially responsible for resources created by its users. For example, an account can create a policy that grants write access:

  • To a particular bucket for a user.
  • For a user from a specified account's corporate network.
  • For an account's custom application.

With one request, an account can set the permissions for any number of objects in a bucket.

A bucket policy is specified by the bucket owner and defines the access permissions for a bucket. After a bucket policy is created, it controls access requests for the bucket by accepting or rejecting them.
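
The following added example (not OBS code and not OBS policy syntax) models how a policy built from a requester, an operation, a resource and a source IP condition accepts or rejects requests. The statement field names, the user names, the operation names and the rule that a matching Deny overrides any Allow while unmatched requests are rejected are assumptions of this model.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed policy in a simplified, hypothetical structure (not OBS syntax):
# user "alice" may write to bucket "reports" only from the corporate network,
# and nobody may delete objects under reports/archive/.
POLICY = [
    {"effect": "Allow", "principal": "alice", "actions": {"PutObject"},
     "resource": "reports/*", "source_ip": "203.0.113.0/24"},
    {"effect": "Deny", "principal": "*", "actions": {"DeleteObject"},
     "resource": "reports/archive/*", "source_ip": None},
]


def _matches(stmt, user, action, resource, ip):
    """True only when every element of the statement matches the request."""
    if stmt["principal"] not in ("*", user):
        return False
    if action not in stmt["actions"]:
        return False
    if not fnmatchcase(resource, stmt["resource"]):
        return False
    if stmt["source_ip"] is not None:
        network = ipaddress.ip_network(stmt["source_ip"])
        if ipaddress.ip_address(ip) not in network:
            return False
    return True


def evaluate(policy, user, action, resource, ip):
    """Return 'accept' or 'reject' for a single request.

    Assumed model: a matching Deny always wins, and a request that
    no Allow statement matches is rejected.
    """
    allowed = False
    for stmt in policy:
        if _matches(stmt, user, action, resource, ip):
            if stmt["effect"] == "Deny":
                return "reject"
            allowed = True
    return "accept" if allowed else "reject"


if __name__ == "__main__":
    # Constructed requests: same user and operation, different source networks.
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, evaluate(POLICY, "alice", "PutObject", "reports/q1.csv", ip))
```
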