You can call GetBucketPolicy to query the policies configured for a specified bucket.

Bucket policies provide resource-based authorization for users. Bucket policies apply to the following scenarios:

  • Authorize RAM users of other accounts to access your OSS resources.

    You can authorize RAM users of other accounts to access your OSS resources.

  • Authorize anonymous users to access your OSS resources using specific IP addresses or IP ranges.

    In some cases, you must authorize anonymous users to access OSS resources using specific IP addresses or IP ranges. For example, confidential documents of an enterprise are only allowed to be accessed within the enterprise but not in other regions. Previously, configuring RAM policies for every user was a tedious and complex task because of the potential for a large number of internal users. To resolve this issue, you can configure access policies with IP restrictions based on bucket policies to authorize a large number of users easily and efficiently.

For more information about bucket policy configurations and use cases, see Use bucket policies to authorize other users to access OSS resources. For more information about bucket policy syntax, see Policy structure and grammar.

Request syntax

GET /? policy
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Examples

  • Sample requests
    GET /? policy
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Date: Tue, 13 Nov 2018 09:09:13 GMT
    Authorization: OSS xxxxxxxxx:xxxxxxxxxxx
  • Sample responses
    200 (OK)
    server: AliyunOSS
    x-oss-server-time: 24
    connection: keep-alive
    x-oss-request-id: 5C6E9847BE0EBCD13DA90C11
    date: Thu, 21 Feb 2019 12:23:35 GMT
    content-type: application/json
    {
      "Version":"1",
      "Statement":[
        {
          "Action":[
            "oss:PutObject",
            "oss:GetObject"
          ],
          "Effect":"Deny",
          "Principal":["1234567890"],
          "Resource":["acs:oss:*:1234567890:*/*"]
        }
      ]
    }

Error codes

Error code HTTP status code Description
NoSuchBucketPolicy 404 No policy is configured for the requested bucket.