Change access policy
When you change the policy, you can add new rules, modify or delete existing. You can add and remove conditions in the rules.
Change the rule
When editing rules, you can change all settings, as well as add, modify, and delete conditions.
-
In control panel go to Object Storage → Containers.
-
Open the container page → tab Access Policy.
-
Click Edit.
-
Open the rule card.
-
Change the name of the rule.
-
In the field Access select the type of rule.
-
Specify Principal: Select which users the rule will apply to:
- all on users with any role and unauthorized users who accessed the container;
- authorized — for individual users of the project.
-
If you selected access for authorized users, add users from the list.
-
Select the set of actions that apply in the rule:
- reader — a set of rights to view the container and objects in it;
- editor — a set of rights to edit the container and objects in it;
- arbitrary — an empty set to which you can add any actions;
- everyone is a collection of everyone actions.
-
If you've chosen a set Arbitraryadd action to it.
-
Optional: if you have selected a different set, add new actions or delete pre-filled ones if necessary. When editing a set, its type will change to Arbitrary.
-
Specify the resources of the container to which the rule will apply. You cannot specify resources of another container:
- all the objects in the container:
<container_name>/*
- objects with a specific prefix:
<container_name>/<prefix>/*
- object:
<container_name>/<prefix>/<object_name>
- all the objects in the container:
-
Optional: to add stipulation to determine in which cases the rule will work, press Add condition. You can add any number of conditions. For a condition, specify:
- key — parameter to which the condition will be applied;
- operator — checks if the value from the query matches the value of the key;
- value — value of the key, you can add multiple values;
- optional: check the checkbox Apply if the field exists (equivalent to the operator
IfExists
). If the checkbox is checked the field with this key exists, the condition will be applied. If the field does not exist, it will be created with the specified value.changes to the rule.
-
Click Save.
Delete rule
- In control panel go to Object Storage → Containers.
- Open the container page → tab Access Policy.
- Click Edit.
- On the menu. rules click Delete rule → Delete.