Create a container access policy

You can create a single access policy for a container. If a policy is created, anything not allowed by the policy rules is denied.

Create an access policy

  1. In the control panel, go to Object Storage → Containers.
  2. Open the container page.
  3. Open the Access Policy tab.
  4. Click Create an access policy.
  5. Add rules.
  6. Click Save.

Add rule

  1. In the control panel, go to Object Storage → Containers.

  2. Open the container page → Access Policy tab.

  3. Click Edit → Add rule.

  4. Enter the name of the rule.

  5. In the Access field, select the type of rule.

  6. Specify Principal: select which users the rule will apply to:

    • all — for users with any role and unauthorized users who accessed the container;
    • authorized — for individual users of the project.
  7. If you selected access for authorized users, add users from the list.

  8. Select the set of actions that apply in the rule:

    • reader — a set of rights to view the container and objects in it;
    • editor — a set of rights to edit the container and objects in it;
    • arbitrary — an empty set to which you can add any actions;
    • everyone — a set of all actions.
  9. If you chose the Arbitrary set, add actions to it.

  10. Optional: if you have selected a different set, add new actions or delete pre-filled ones if necessary. When editing a set, its type will change to Arbitrary.

  11. Specify the resources of the container to which the rule will apply. You cannot specify resources of another container:

    • all the objects in the container: <container_name>/*
    • objects with a specific prefix: <container_name>/<prefix>/*
    • object: <container_name>/<prefix>/<object_name>
  12. Optional: to add a condition that determines in which cases the rule will work, click Add condition. You can add any number of conditions. For a condition, specify:

    • key — parameter to which the condition will be applied;
    • operator — checks whether the value from the request matches the value of the key;
    • value — value of the key, you can add multiple values;
    • optional: select the Apply if the field exists checkbox (equivalent to the IfExists operator). If the checkbox is selected and a field with this key exists, the condition will be applied. If the field does not exist, it will be created with the specified value.
  13. Click Save.
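
A small model of how rules built this way decide a request, useful for reviewing a policy before saving it. This is an added example, not the storage service's own code. The container name `backups`, the users, the action names, the `UserAgent` key and the `StringEquals` operator are constructed for illustration, and only allow-type rules are modeled.

```python
# Constructed policy for a hypothetical container "backups".
# Action names, the condition key and the operator are assumptions.
POLICY = [
    {"name": "public-read-reports", "principal": "all",
     "actions": {"GetObject"}, "resources": ["backups/reports/*"],
     "conditions": []},
    {"name": "ops-write", "principal": "authorized", "users": {"alice"},
     "actions": {"GetObject", "PutObject"}, "resources": ["backups/*"],
     "conditions": [{"key": "UserAgent", "operator": "StringEquals",
                     "values": ["backup-agent"], "if_exists": True}]},
]

def resource_matches(pattern, resource):
    """<container>/* and <container>/<prefix>/* match by prefix; else exact."""
    if pattern.endswith("/*"):
        return resource.startswith(pattern[:-1])
    return resource == pattern

def condition_holds(cond, context):
    """True when the request context satisfies one condition."""
    if cond["key"] not in context:
        # "Apply if the field exists": the page says a missing field is
        # created with the specified value, so it is modeled as satisfied.
        # Without the checkbox a missing field fails (assumption).
        return cond["if_exists"]
    if cond["operator"] == "StringEquals":
        return context[cond["key"]] in cond["values"]
    return False  # unknown operator: fail closed

def rule_matches(rule, user, action, resource, context):
    """A rule applies only if principal, action, resource and conditions all match."""
    if rule["principal"] == "authorized" and user not in rule.get("users", ()):
        return False
    if action not in rule["actions"]:
        return False
    if not any(resource_matches(p, resource) for p in rule["resources"]):
        return False
    return all(condition_holds(c, context) for c in rule["conditions"])

def is_allowed(policy, user, action, resource, context=None):
    """Default deny: a request passes only if some rule allows it.
    user=None models an unauthorized (anonymous) request."""
    context = context or {}
    return any(rule_matches(r, user, action, resource, context) for r in policy)
```

Running the requests you expect to be refused through `is_allowed` is a quick way to confirm that a rule with principal all exposes only the prefix you intended.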