edit-icon download-icon

OSS authorization policy samples

Last Updated: Feb 07, 2018
  • Use Case #1

The following policy sample allows a RAM user to do READ operations on a specified OSS bucket (for example, myphotos) through the OSS web console.

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "oss:ListBuckets",
  7. "Resource": "acs:oss:*:*:*"
  8. },
  9. {
  10. "Effect": "Allow",
  11. "Action": [
  12. "oss:ListObjects",
  13. "oss:GetBucketAcl"
  14. ],
  15. "Resource": "acs:oss:*:*:myphotos"
  16. },
  17. {
  18. "Effect": "Allow",
  19. "Action": [
  20. "oss:GetObject",
  21. "oss:GetObjectAcl"
  22. ],
  23. "Resource": "acs:oss:*:*:myphotos/*"
  24. }
  25. ]
  26. }
  • Use Case #2

The following policy sample allows a RAM user to do READ operations on a specified OSS bucket (for example, myphotos) through the OSS SDK, where the Source IP address of a HTTP request must be “42.120.88.18” or “42.120.66.0/24”.

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": [
  7. "oss:ListBuckets"
  8. ],
  9. "Resource": [
  10. "acs:oss:*:*:*"
  11. ]
  12. },
  13. {
  14. "Effect": "Allow",
  15. "Action": [
  16. "oss:ListObjects",
  17. "oss:GetObject"
  18. ],
  19. "Resource": [
  20. "acs:oss:*:*:myphotos",
  21. "acs:oss:*:*:myphotos/*"
  22. ],
  23. "Condition":{
  24. "IpAddress": {
  25. "acs:SourceIp": ["42.120.88.18", "42.120.66.0/24"]
  26. }
  27. }
  28. }
  29. ]
  30. }
  • Use Case #3

The following policy sample allows a RAM user to do READ operations on a specified OSS path (for example, myphotos/hangzhou/2015/) through the OSS web console.

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": [
  7. "oss:ListBuckets",
  8. "oss:GetBucketAcl"
  9. ],
  10. "Resource": [
  11. "acs:oss:*:*:*"
  12. ]
  13. },
  14. {
  15. "Effect": "Allow",
  16. "Action": [
  17. "oss:GetObject",
  18. "oss:GetObjectAcl"
  19. ],
  20. "Resource": [
  21. "acs:oss:*:*:myphotos/hangzhou/2015/*"
  22. ]
  23. },
  24. {
  25. "Effect": "Allow",
  26. "Action": [
  27. "oss:ListObjects"
  28. ],
  29. "Resource": [
  30. "acs:oss:*:*:myphotos"
  31. ],
  32. "Condition": {
  33. "StringLike": {
  34. "oss:Delimiter": "/",
  35. "oss:Prefix": [
  36. "",
  37. "hangzhou/",
  38. "hangzhou/2015/*"
  39. ]
  40. }
  41. }
  42. }
  43. ]
  44. }
Thank you! We've received your feedback.