This topic uses an example policy to demonstrate how to read data from a specified object in OSS.
In this example, the bucket that stores photos is named myphotos. The bucket contains directories that indicate the places where the photos were taken. Each directory contains subdirectories that indicate the years when the photos were taken.
myphotos[Bucket]
├── beijing
│   ├── 2014
│   └── 2015
├── hangzhou
│   ├── 2013
│   ├── 2014
│   └── 2015
└── qingdao
    ├── 2014
    └── 2015
The following policy indicates that the authorized RAM user can read data from the myphotos/hangzhou/2015/ directory, but cannot list objects.
Note: Because the policy does not grant permission to list objects, the RAM user must already know the path of an object to read data from it. We recommend that you attach this policy to your applications.
{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "oss:GetObject"
            ],
            "Resource": [
                "acs:oss:*:*:myphotos/hangzhou/2015/*"
            ]
        }
    ]
}
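The following Python sketch is an added example, not Alibaba Cloud code. It evaluates the policy above against a few requests with a simplified model of RAM evaluation (wildcard matching, explicit Deny wins, anything unmatched is implicitly denied). The region, account ID and object names are constructed, and the sketch assumes that a list request is authorized against the bucket resource (`...:myphotos`), not against object paths.

```python
import json
import re

# The policy from this page.
POLICY = json.loads("""
{"Version": "1",
 "Statement": [{"Effect": "Allow",
                "Action": ["oss:GetObject"],
                "Resource": ["acs:oss:*:*:myphotos/hangzhou/2015/*"]}]}
""")

# Constructed region and account ID, used only to build sample resource names.
PREFIX = "acs:oss:oss-cn-hangzhou:1234567890123456:"

def _matches(pattern, value):
    # '*' matches any run of characters (including '/'), '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.DOTALL) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(_matches(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # an explicit Deny overrides any Allow
        decision = "Allow"
    return decision

# Constructed sample requests: (action, resource path inside OSS).
REQUESTS = [
    ("oss:GetObject", "myphotos/hangzhou/2015/photo1.jpg"),
    ("oss:GetObject", "myphotos/hangzhou/2015/trip/photo2.jpg"),
    ("oss:GetObject", "myphotos/hangzhou/2014/photo1.jpg"),
    ("oss:GetObject", "myphotos/beijing/2015/photo1.jpg"),
    ("oss:PutObject", "myphotos/hangzhou/2015/new.jpg"),
    ("oss:ListObjects", "myphotos"),   # assumed bucket-level resource
]

def check_all():
    return [evaluate(POLICY, action, PREFIX + path) for action, path in REQUESTS]

if __name__ == "__main__":
    for (action, path), result in zip(REQUESTS, check_all()):
        print(f"{result:<13} {action:<16} {path}")
```

Only the two reads under hangzhou/2015/ are allowed. The list request is denied because no statement grants a list action and the object-path pattern does not match the bucket itself.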