Create a container access policy
You can create a single access policy for a container. If a policy is created, anything not allowed by the policy rules is denied.
Create an access policy
- In the control panel, go to Object Storage → Containers.
- Open the container page.
- Open the Access Policy tab.
- Click Create an access policy.
- Add rules.
- Click Save.
Add rule
- In the control panel, go to Object Storage → Containers.
- Open the container page → Access Policy tab.
- Click Edit → Add rule.
- Enter the name of the rule.
- In the Access field, select the type of rule.
- Specify Principal: select which users the rule will apply to:
  - all — users with any role and unauthorized users who accessed the container;
  - authorized — for individual users of the project.
- If you selected access for authorized users, add users from the list.
- Select the set of actions that apply in the rule:
  - reader — a set of rights to view the container and objects in it;
  - editor — a set of rights to edit the container and objects in it;
  - arbitrary — an empty set to which you can add any actions;
  - everyone — a set of all actions.
- If you selected the Arbitrary set, add actions to it.
- Optional: if you have selected a different set, add new actions or delete pre-filled ones if necessary. When editing a set, its type will change to Arbitrary.
- Specify the resources of the container to which the rule will apply. You cannot specify resources of another container:
  - all the objects in the container: <container_name>/*
  - objects with a specific prefix: <container_name>/<prefix>/*
  - object: <container_name>/<prefix>/<object_name>
- Optional: to add a condition that determines in which cases the rule will work, click Add condition. You can add any number of conditions. For a condition, specify:
  - key — parameter to which the condition will be applied;
  - operator — checks if the value from the query matches the value of the key;
  - value — value of the key, you can add multiple values;
  - optional: check the checkbox Apply if the field exists (equivalent to the operator IfExists). If the checkbox is checked and a field with this key exists, the condition will be applied. If the field does not exist, it will be created with the specified value.
- Click Save.
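The following is an added example, not part of the original documentation or the platform's own code: a pre-save review of planned rules that checks each resource against the three forms listed above and flags rules that give the "all" principal (which includes unauthorized users) anything broader than the reader set. The rule dictionary layout, the function names, the container names and the assumption that `*` is valid only as the final path segment are all hypothetical.

```python
# Added example. The rule record below mirrors the form fields (name,
# principal, action set, resources); it is NOT the platform's storage format.

def classify_resource(container, resource):
    """Return 'container', 'prefix' or 'object' for a resource string that
    fits one of the documented forms, or None if it does not fit or points
    at another container."""
    head, sep, rest = resource.partition("/")
    if head != container or not sep or not rest:
        return None                      # other container, or nothing after "/"
    if rest == "*":
        return "container"               # <container_name>/*
    if rest.endswith("/*") and rest[:-2] and "*" not in rest[:-2]:
        return "prefix"                  # <container_name>/<prefix>/*
    if "*" not in rest:
        return "object"                  # <container_name>/<prefix>/<object_name>
    return None                          # wildcard in an unsupported position (assumption)


def lint_rule(container, rule):
    """Return a list of findings for one planned rule (empty list = no findings)."""
    findings = []
    for res in rule["resources"]:
        if classify_resource(container, res) is None:
            findings.append(f"{rule['name']}: resource {res!r} is not a valid "
                            f"resource of container {container!r}")
    # 'all' covers unauthorized users, so any set other than reader exposes
    # more than viewing to anonymous requests.
    if rule["principal"] == "all" and rule["actions"] != "reader":
        findings.append(f"{rule['name']}: principal 'all' includes unauthorized "
                        f"users but the action set is {rule['actions']!r}")
    return findings


# Constructed sample rules for a hypothetical container "site-assets".
SAMPLE_RULES = [
    {"name": "public-read", "principal": "all", "actions": "reader",
     "resources": ["site-assets/public/*"]},
    {"name": "ci-upload", "principal": "authorized", "actions": "editor",
     "resources": ["site-assets/*", "backups/db/*"]},
    {"name": "open-edit", "principal": "all", "actions": "editor",
     "resources": ["site-assets/*"]},
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        for finding in lint_rule("site-assets", r) or [f"{r['name']}: ok"]:
            print(finding)
```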