Create a container access policy
You can create a single access policy for a container. If a policy is created, anything that is not allowed by the policy rules is prohibited.
Create an access policy
- In Control Panel, go to Object Storage → Containers.
- Open the container page.
- Open the Access Policy tab.
- Click Create Access Policy.
- Add rules.
- Click Save.
Add rule
-
In Control Panel, go to Object Storage → Containers.
-
Open the container page → Access Policy tab.
-
Click Edit → Add Rule.
-
Enter the name of the rule.
-
In the Access field, select the type of rule.
-
Specify Principal: Select which users the rule will apply to:
- all — on users with any role and unauthorized users who accessed the container;
- authorized — for individual users of the project.
-
If you selected access for authorized users, add users from the list.
-
Select the set of actions that apply in the rule:
- reader — a set of rights to view the container and objects in it;
- editor — a set of rights to edit the container and objects in it;
- arbitrary — an empty set to which you can add any actions;
- all — set of all actions.
-
If you chose the Random set, add actions to it.
-
Optional: if you have selected a different set, add new actions or delete pre-filled ones if necessary. When editing a set, its type will change to Random.
-
Specify the container resources to which the rule will apply. You cannot specify the resources of another container:
- all container objects:
<container_name>/*
- objects with a certain prefix:
<container_name>/<prefix>/*
- object:
<container_name>/<prefix>/<object_name>
- all container objects:
-
Optional: to add a condition that will define in which cases the rule will work, click Add Condition. Any number of conditions can be added. For the condition, specify:
- key — The parameter to which the condition will be applied;
- operator — checks if the value from the request matches the value of the key;
- value — value of the key, you can add multiple values;
- optional: checkbox Apply if the field exists (equivalent to the
IfExists
operator). If the checkbox is checked and a field with this key exists, the condition will be applied. If the field does not exist, it will be created with the specified value.
-
Click Save.