All Products
Search

This Product

    Resource Access Management:Object Storage Service (OSS)

    Document Center

    Resource Access Management:Object Storage Service (OSS)

    Last Updated:Sep 30, 2021

    Resource Access Management (RAM) users or RAM roles must be granted permissions before they can access cloud resources. RAM uses policies to define permissions. A cloud service defines elements that can be used in a policy statement, such as Action, Resource, and Condition. This topic describes the permissions on OSS.

    The code (RamCode) in RAM that is used to indicate OSS is oss. You can grant permissions on OSS at the resource level.

    Action

    The following table describes the values that you can use in the Action element of a policy statement. The values are defined by OSS. The following list describes the columns in the table:

    • Action: the value that you can use in the Action element to specify the operation on a resource.

    • API: the API operation that you can call to perform the action. In most cases, only one API operation of a cloud service is required to perform an action. In some cases, multiple API operations must be called to perform an action, or an API operation can be called to perform multiple actions.

    • Access level: the access level of each action. The levels are read, write, and list.

    • Resource type: the type of the resource on which you can authorize a RAM user or a RAM role to perform the operation. Take note of the following items:

      • The required resource types are displayed in bold characters.

      • If the permissions cannot be granted at the resource level, All resources is used in the Resource type column of the action.

    • Condition key: the condition keys that are defined by a cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Policy elements.

    • Dependent action: other actions that a RAM user or a RAM role must have permissions to perform the action. To successfully call the action, a RAM user or a RAM role must have the permissions to perform the dependent action.

    Actions

    APIs

    Access level

    Resource types

    Condition keys

    Dependent actions

    oss:AbortBucketWorm

    AbortBucketWorm

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:AbortMultipartUpload

    AbortMultipartUpload

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:CompleteBucketWorm

    CompleteBucketWorm

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucket

    DeleteBucket

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketCORS

    DeleteBucketCORS

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketEncryption

    DeleteBucketEncryption

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketInventory

    DeleteBucketInventory

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketLifecycle

    DeleteBucketLifecycle

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketLogging

    DeleteBucketLogging

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketPolicy

    DeleteBucketPolicy

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketReplication

    DeleteBucketReplication

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketTagging

    DeleteBucketTags

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteBucketWebsite

    DeleteBucketWebsite

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteLiveChannel

    DeleteLiveChannel

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteObject

    DeleteMultipleObjects

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteObject

    DeleteObject

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteObjectTagging

    DeleteObjectTagging

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:ExistingObjectTag




    N/A

    oss:DeleteObjectVersion

    N/A

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:DeleteObjectVersionTagging

    N/A

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:ExistingObjectTag


    oss:BucketTag





    N/A

    oss:ExtendBucketWorm

    ExtendBucketWorm

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketAcl

    GetBucketAcl

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketCORS

    GetBucketCORS

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketEncryption

    GetBucketEncryption

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketInfo

    GetBucketInfo

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketInventory

    GetBucketInventory

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketLifecycle

    GetBucketLifecycle

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketLocation

    GetBucketLocation

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketLogging

    GetBucketLogging

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketPolicy

    GetBucketPolicy

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketReferer

    GetBucketReferer

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketReplication

    GetBucketReplication

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketReplicationLocation

    GetBucketReplicationLocation

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketReplicationProgress

    GetBucketReplicationProgress

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketRequestPayment

    GetBucketRequestPayment

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketTagging

    GetBucketTags

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketVersioning

    GetBucketVersioning

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketWebsite

    GetBucketWebsite

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetBucketWorm

    GetBucketWorm

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetLiveChannel

    GetLiveChannelInfo

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetLiveChannelHistory

    GetLiveChannelHistory

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetLiveChannelStat

    GetLiveChannelStat

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:GetObject

    GetObject

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:GetObject

    GetObjectMeta

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:GetObject

    GetSymlink

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:GetObject

    HeadObject

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:GetObject

    SelectObject

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:GetObjectAcl

    GetObjectAcl

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:ExistingObjectTag


    oss:BucketTag





    N/A

    oss:GetObjectTagging

    GetObjectTagging

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    oss:RequestObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag






    N/A

    oss:GetObjectVersion

    N/A

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:GetObjectVersionAcl

    N/A

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:ExistingObjectTag


    oss:BucketTag





    N/A

    oss:GetObjectVersionTagging

    N/A

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    oss:RequestObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag






    N/A

    oss:GetVodPlaylist

    GetVodPlaylist

    Read


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:InitiateBucketWorm

    InitiateBucketWorm

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:ListBucketInventory

    ListBucketInventory

    List


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:ListBuckets

    GetService

    List


    All resources


    acs:oss:*:{#accountId}:*




    acs:UserAgent


    acs:AccessId



    N/A

    oss:ListBuckets

    ListBuckets

    List


    All resources


    acs:oss:*:{#accountId}:*




    acs:UserAgent


    acs:AccessId



    N/A

    oss:ListLiveChannel

    ListLiveChannel

    List


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:ListMultipartUploads

    ListMultipartUploads

    List


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:ListObjectVersions

    ListObjectVersions

    List


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag


    oss:Prefix


    oss:Delimiter






    N/A

    oss:ListObjects

    GetBucket

    Read


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag


    oss:Prefix


    oss:Delimiter






    N/A

    oss:ListObjects

    ListObjects

    List


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    oss:Prefix


    oss:Delimiter


    acs:UserAgent


    acs:AccessId


    oss:BucketTag






    N/A

    oss:ListParts

    ListParts

    List


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:OptionObject

    OptionObject

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PostVodPlaylist

    PostVodPlaylist

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucket

    PutBucket

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketAcl

    PutBucketAcl

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketCORS

    PutBucketCORS

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketEncryption

    PutBucketEncryption

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketInventory

    PutBucketInventory

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketLifecycle

    PutBucketLifecycle

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketLogging

    PutBucketLogging

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketPolicy

    PutBucketPolicy

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketReferer

    PutBucketReferer

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketReplication

    PutBucketReplication

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketRequestPayment

    PutBucketRequestPayment

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketTagging

    PutBucketTags

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketVersioning

    PutBucketVersioning

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutBucketWebsite

    PutBucketWebsite

    Write


    Bucket


    acs:oss:*:{#accountId}:{#BucketName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutLiveChannel

    PutLiveChannel

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutLiveChannelStatus

    PutLiveChannelStatus

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutObject

    AppendObject

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutObject

    CompleteMultipartUpload

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutObject

    CopyObject

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    oss:GetObject


    oss:PutObject

    InitiateMultipartUpload

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutObject

    PostObject

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:RequestObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:PutObject

    PutObject

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:RequestObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    N/A

    oss:PutObject

    PutSymlink

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutObject

    UploadPart

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutObject

    UploadPartCopy

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag





    oss:GetObject


    oss:PutObjectAcl

    PutObjectAcl

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:PutObjectTagging

    PutObjectTagging

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    oss:RequestObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag






    N/A

    oss:PutObjectVersionAcl

    N/A

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId



    N/A

    oss:PutObjectVersionTagging

    N/A

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    oss:ExistingObjectTag


    oss:RequestObjectTag


    acs:UserAgent


    acs:AccessId


    oss:BucketTag






    N/A

    oss:RestoreObject

    RestoreObject

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    oss:RestoreObjectVersion

    N/A

    Write


    Object


    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}




    acs:UserAgent


    acs:AccessId


    oss:BucketTag




    N/A

    Resource

    The following table describes the values that you can use in the Resource element of a policy statement. The values are defined by OSS.

    The Alibaba Cloud Resource Name (ARN) is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:

    • {#} indicates a variable. {#} must be replaced with an actual value. For example, {#regionId} must be replaced with the actual ID of the region where your resource resides.

    • An asterisk (*) is used as a wildcard. Examples:

      • If you specify {#resourceType}/*, all resources are specified.

      • If {#regionId} is set to *, all regions are specified.

      • If {#accountId} is set to *, all Alibaba Cloud accounts are specified.

    Resource type

    ARN

    Bucket

    acs:oss:*:{#accountId}:{#BucketName}

    Object

    acs:oss:*:{#accountId}:{#BucketName}/{#ObjectName}

    Condition

    The following table describes the values that you can use in the Condition element of a policy statement. The values are defined by OSS. The following table describes the service-specific condition keys. The common condition keys that are defined by Alibaba Cloud also apply to OSS. For more information about the common condition keys, see Policy elements.

    The data type determines which condition operators you can use to compare the value in a request with the value in a policy statement. You must use condition operators that are supported by the data type. Otherwise, you cannot compare the value in the request with the value in the policy statement. In this case, the authorization is invalid. For more information about the condition operators that are supported by each data type, see Policy elements.

    Condition keys

    Description

    Type

    acs:UserAgent

    Specify the HTTP User-Agent header.

    String

    oss:Prefix

    Enumerate Objects with the specified prefix when requesting ListObjects.

    String

    oss:Delimiter

    The character used to group Object names when requesting ListObjects.

    String

    acs:AccessId

    The AccessId contained in the request.

    String

    oss:BucketTag

    A tag key and value pair that are attached to a OSS bucket.

    String

    oss:ExistingObjectTag

    The existing Object tag that was passed in the request.

    String

    oss:RequestObjectTag

    The Object tag that was passed in the request.

    String