
Object Storage Service: put-access-point-policy

Last Updated: Jan 03, 2025

The put-access-point-policy command is used to create access point policies.

Usage notes

By default, an Alibaba Cloud account has the permissions to create access point policies. Creating access point policies as a RAM user or by using Security Token Service (STS) requires the oss:PutAccessPointPolicy permission. For more information, see Grant custom permission policies to RAM users.

Syntax

ossutil api put-access-point-policy --bucket value --access-point-name value --body value [flags]

Parameter              Type     Description
--bucket               string   Name of the bucket.
--access-point-name    string   Name of the access point.
--body                 string   Configurations of the access point policy.

Note

The put-access-point-policy command corresponds to the PutAccessPointPolicy operation. For more information about the parameters of the operation, see PutAccessPointPolicy.

--body

The --body configuration option supports JSON format. If the value of the option contains the 'file://' prefix, configuration parameters are read from the specified file.

JSON format:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:PutObject",
        "oss:GetObject"
      ],
      "Effect": "Deny",
      "Principal": [
        "string"
      ],
      "Resource": [
        "string"
      ]
    }
  ]
}
  • Version: The version of the policy. Default value: 1.

  • Statement: An array of one or more policy statements, each defining a set of permissions.

    • Action: Specifies the list of operations that are allowed or denied, such as oss:PutObject and oss:GetObject.

    • Effect: Specifies whether the statement allows or denies access. Values: Allow or Deny.

    • Principal: Specifies the entity to which the policy is applicable.

    • Resource: Defines the scope of resources to which the policy is applicable.

Note

For more information about the global flags that the command accepts, see Supported global command line options.

Examples

Attach an access point policy to an access point named ap-01 associated with examplebucket.

  • Create a configuration file named access-point-name.json and add the following code:

    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "oss:PutObject",
            "oss:GetObject"
          ],
          "Effect": "Deny",
          "Principal": [
            "27737962156157xxxx"
          ],
          "Resource": [
            "acs:oss:cn-hangzhou:111933544165xxxx:accesspoint/ap-01",
            "acs:oss:cn-hangzhou:111933544165xxxx:accesspoint/ap-01/object/*"
          ]
        }
      ]
    }

    Sample command:

    ossutil api put-access-point-policy --bucket examplebucket --access-point-name ap-01 --body file://access-point-name.json
  • Pass the policy inline as a JSON string in the command:

    ossutil api put-access-point-policy --bucket examplebucket --access-point-name ap-01 --body "{\"Version\":\"1\",\"Statement\":[{\"Action\":[\"oss:PutObject\",\"oss:GetObject\"],\"Effect\":\"Deny\",\"Principal\":[\"27737962156157xxxx\"],\"Resource\":[\"acs:oss:cn-hangzhou:111933544165xxxx:accesspoint/ap-01\",\"acs:oss:cn-hangzhou:111933544165xxxx:accesspoint/ap-01/object/*\"]}]}"
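
A pre-flight check for the --body value, added here as an example (it is not part of ossutil or the original page): it confirms that the policy parses, that Effect is Allow or Deny, and that every Resource names the same access point that will be passed to --access-point-name. The helper names lint_policy and sample are hypothetical, and the array-valued fields and the ARN pattern are assumptions taken from the shape of the example above.

```python
import json
import re

# Assumed ARN shape, inferred from the Resource strings in the page's example:
#   acs:oss:<region>:<account-id>:accesspoint/<name>[/object/<key pattern>]
ARN_RE = re.compile(r"^acs:oss:[^:]+:[^:]+:accesspoint/([^/]+)(/object/.+)?$")

def lint_policy(body: str, access_point_name: str) -> list[str]:
    """Return the problems found in a --body value (hypothetical helper)."""
    try:
        policy = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg}"]
    statements = policy.get("Statement") if isinstance(policy, dict) else None
    if not isinstance(statements, list) or not statements:
        return ["Statement must be a non-empty array"]
    problems = []
    for i, st in enumerate(statements):
        where = f"Statement[{i}]"
        if not isinstance(st, dict):
            problems.append(f"{where}: must be a JSON object")
            continue
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{where}: Effect must be Allow or Deny")
        for key in ("Action", "Principal", "Resource"):
            if not isinstance(st.get(key), list) or not st[key]:
                problems.append(f"{where}: {key} must be a non-empty array")
        resources = st.get("Resource")
        for res in resources if isinstance(resources, list) else []:
            m = ARN_RE.match(res) if isinstance(res, str) else None
            if m is None:
                problems.append(f"{where}: unexpected Resource format {res!r}")
            elif m.group(1) != access_point_name:
                problems.append(f"{where}: Resource names access point "
                                f"{m.group(1)!r}, not {access_point_name!r}")
    return problems

def sample(first_resource: str) -> str:
    """Build a constructed policy body using the page's placeholder IDs."""
    arn = "acs:oss:cn-hangzhou:111933544165xxxx:accesspoint/"
    return json.dumps({"Version": "1", "Statement": [{
        "Action": ["oss:PutObject", "oss:GetObject"], "Effect": "Deny",
        "Principal": ["27737962156157xxxx"],
        "Resource": [arn + first_resource, arn + "ap-01/object/*"]}]})

if __name__ == "__main__":
    print(lint_policy(sample("ap-01"), "ap-01"))  # policy matching the page
    print(lint_policy(sample("-01"), "ap-01"))    # constructed mistyped name
```

Running the check on the file before the put-access-point-policy call catches a Deny statement whose Resource points at a different access point than the one being configured, which would otherwise be submitted without the intended restriction on ap-01.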