You can configure bucket policies to grant permissions to other users to access specified Object Storage Service (OSS) resources.
Background information
- The owner of a bucket can configure bucket policies for the bucket in the OSS console by using the GUI or by specifying policy syntax. Before you configure bucket policies by specifying policy syntax, you must understand the Action, Resource, and Condition fields in bucket policies. For more information, see Overview.
- If you select Anonymous Accounts (*) for the Accounts parameter and do not configure the Conditions parameter when you configure a bucket policy, the bucket policy applies to all users except for the bucket owner. If you select Anonymous Accounts (*) for the Accounts parameter and configure the Conditions parameter when you configure a bucket policy, the bucket policy applies to all users, including the bucket owner.
- You can configure multiple bucket policies for a bucket. The total size of the policies cannot exceed 16 KB.
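An added example, not from the original page: a small Python check that applies the anonymous-account rule and the 16 KB limit above to a policy written in policy syntax. The sample policy, bucket name, account ID and IP range are constructed, and the JSON field layout (Statement, Effect, Principal) is assumed from OSS policy syntax rather than shown on this page.

```python
import json

# 16 KB limit stated on this page; counting UTF-8 bytes of the JSON text is an assumption.
MAX_POLICY_BYTES = 16 * 1024

# Constructed sample policy: bucket name, account ID and IP range are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Principal": ["*"], "Action": ["oss:GetObject"],
         "Resource": ["acs:oss:*:0000000000000000:examplebucket/file/*"]},
        {"Effect": "Deny", "Principal": ["*"], "Action": ["oss:*"],
         "Resource": ["acs:oss:*:0000000000000000:examplebucket/*"],
         "Condition": {"NotIpAddress": {"acs:SourceIp": ["192.0.2.0/24"]}}},
    ],
})


def _as_list(value):
    """Policy fields may hold one string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_text):
    """Return findings for one bucket policy document given as JSON text."""
    findings = []
    size = len(policy_text.encode("utf-8"))
    if size > MAX_POLICY_BYTES:
        findings.append(f"policy is {size} bytes, over the 16 KB limit")
    for i, stmt in enumerate(_as_list(json.loads(policy_text).get("Statement"))):
        if "*" not in _as_list(stmt.get("Principal")):
            continue  # statement names specific accounts, not anonymous (*)
        actions = ", ".join(_as_list(stmt.get("Action")))
        if not stmt.get("Condition"):
            # No Conditions: applies to all users except the bucket owner.
            if stmt.get("Effect") == "Allow":
                findings.append(f"statement {i}: anonymous Allow without Condition ({actions})")
        elif stmt.get("Effect") == "Deny":
            # With Conditions: applies to all users, including the bucket owner.
            findings.append(f"statement {i}: conditional anonymous Deny also binds the bucket owner ({actions})")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

The first finding marks a grant open to every user other than the owner; the second marks a conditional rule that can lock the owner out if the condition is written incorrectly.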
Method 1: Configure bucket policies by using the GUI
Method 2: Configure bucket policies by specifying policy syntax
Access authorized OSS resources
After you configure a bucket policy for a bucket, you can use the following methods to access the resources specified in the bucket policy:
- Object URL (only for authorized anonymous users)
Anonymous users can enter the URL of an object specified in the policy in a browser to access the object. The URL of the object consists of the default domain name of the bucket or a custom domain name mapped to the bucket and the path of the object. Example: http://mybucket.oss-cn-beijing.aliyuncs.com/file/myphoto.png. For more information, see OSS domain names.
- OSS console
Log on to the OSS console. In the left-side navigation pane, click the + icon next to My OSS Paths. In the Add Path panel, add the bucket name and the object path specified in the bucket policy. For more information, see Set OSS paths.
- ossutil
Use the authorized account that is specified in the bucket policy to log on to ossutil to access the resources specified in the policy. For more information, see ossutil.
- ossbrowser
Use the authorized account that is specified in the bucket policy to log on to ossbrowser. Enter the path of the object specified in the policy in the Preset OSS Path field. For more information, see ossbrowser.
- OSS SDK
You can use OSS SDKs for the following programming languages to access the resources that are specified in the policy: Java, PHP, Node.js, Python, Browser.js, .NET, Android, Go, iOS, C++, and C.