What is the PutBucketPolicy interface - Object Storage Service

The put-bucket-policy command is used to configure bucket policies, thereby granting permissions to the current Alibaba Cloud account or other Alibaba Cloud accounts, including individual or multiple RAM users and RAM roles, to access resources stored within the bucket.

Note

Configuring bucket policies requires the oss:PutBucketPolicy permission. For more information, see Attach a custom policy to a RAM user.

Syntax

ossutil api put-bucket-policy --bucket value --body value [flags]

Parameter	Type	Description
--bucket	string	The name of the bucket for which you want to configure access control policies.
--body	string	The JSON-formatted request body, which defines access permissions.

Note

The put-bucket-policy command corresponds to the PutBucketPolicy operation. For more information about the parameters within, see PutBucketPolicy.

A bucket policy includes the Version and Statement fields. Below is an example:

{ "Version": "1", "Statement": [ { "Action": ["oss:PutObject", "oss:GetObject"], "Effect": "Deny", "Principal": ["1234567890"], "Resource": ["acs:oss:*:1234567890:*/*"] } ] }

Version: The version of the policy. Default value: 1.
Statement: A policy contains one or more arrays of statements, each defining a set of permissions.
- Action: Specifies the list of operations that are allowed or denied, such as oss:PutObject and oss:GetObject.
- Effect: Specifies whether the statement allows or denies access. Values: Allow or Deny.
- Principal: Specifies the entity to which the policy is applicable. in this case, the UID of the specified user.
- Resource: Defines the scope of resources to which the policy is applicable.

Note

For details about the Version and Statement fields, see Common examples of bucket policies.
For supported global command line options, see Supported global command line options.

Example

Below is a code example for configuring an access control policy for examplebucket to specify that permissions required for the PutObject and GetObject operations are not granted to a specific user.

ossutil api put-bucket-policy --bucket examplebucket --body "{\"Version\":\"1\",\"Statement\":[{\"Action\":[\"oss:PutObject\",\"oss:GetObject\"],\"Effect\":\"Deny\",\"Principal\":[\"1234567890\"],\"Resource\":[\"acs:oss:*:1234567890:*/*\"]}]}"