功能說明

用戶通過XstorBrowser配置資源（桶和對象）的訪問控制策略。

操作步驟

1.登錄XstorBrowser。

2.選擇目標桶，右鍵鼠標，點擊【桶Policy策略】。

3.根據需求在“桶ACLPolicy權限”輸入框中按照json串格式輸入桶策略，點擊【保存】完成配置。

Policy語法和場景實例

Policy語法

policy  = {
     <version_block>,
     <statement_block>
}
<version_block> = "Version" : ("2012-10-17")
<statement_block> = "Statement" : [ <statement>, <statement>, ... ]
<statement> = { 
    <effect_block>,
    <action_block>,
    <resource_block>,
    <condition_block?>,
    <Principal>
}
<effect_block> = "Effect" : ("Allow" | "Deny")  
<action_block> = "Action" : 
    ("*" | [<action_string>, <action_string>, ...])
<resource_block> = "Resource" : 
    ("*" | [<resource_string>, <resource_string>, ...])
<condition_block> = "Condition" : <condition_map>
<condition_map> = {
  <condition_type_string> : { 
      <condition_key_string> : <condition_value_list>,
      <condition_key_string> : <condition_value_list>,
      ...
  },
  <condition_type_string> : {
      <condition_key_string> : <condition_value_list>,
      <condition_key_string> : <condition_value_list>,
      ...
  }, ...
}  
<condition_value_list> = [<condition_value>, <condition_value>, ...]
<condition_value> = ("String" | "Number" | "Boolean" | "Date and time" | "IP address")

參數說明如下表所示。

場景實例

場景描述：用戶UserA需要把桶Bucket1中文件夾FileFolder下所有的對象變成公共讀。

實現：

{
  "Version" : "2012-10-17",
  "Statement":  [
    {
      "Sid":  "policy1686712182",
      "Effect":  "Allow",
      "Principal":  {
        "AWS":  "*"
      },
      "Action":  [
        "s3:GetObject"
      ],
      "Resource":  [
        "arn:aws:s3:::bucket1/filefolder/*"
      ]
    }
  ]
}

參數說明如下表所示。