PutBucketPolicy configures an authorization policy for a bucket or vector bucket.
Permissions
Alibaba Cloud accounts have full permissions by default. Resource Access Management (RAM) users and roles have no permissions by default. The account owner or an administrator must grant permissions through a RAM Policy or Bucket Policy.
|
API |
Action |
Description |
|
PutBucketPolicy |
oss:PutBucketPolicy |
Sets the authorization policy for a specified bucket. |
Request syntax
PUT /?policy
Host: Host
Date: GMT Date
Authorization: SignatureValue
Policy written in JSON
Request headers
DescribeRegions uses only common request headers. For more information, see Common request headers.
Response headers
The response contains only common response headers. For more information, see Common response headers.
Examples
Bucket example
-
Request example
PUT /?policy Content-Length: 230 Host: oss-example.oss-cn-hangzhou.aliyuncs.com Date: Thu, 17 Apr 2025 12:51:09 GMT Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e { "Version":"1", "Statement":[ { "Action":[ "oss:PutObject", "oss:GetObject" ], "Effect":"Deny", "Principal":["1234567890"], "Resource":["acs:oss:*:1234567890:*/*"] } ] } -
Response example
HTTP/1.1 200 OK content-length: 0 server: AliyunOSS x-oss-server-time: 87 connection: keep-alive x-oss-request-id: 5C6E9EBD5CC26B28EE41**** date: Thu, 21 Feb 2019 12:51:09 GMT
Vector bucket example
For vector buckets, the Host header region must be a standard Alibaba Cloud region ID (for example, cn-hangzhou), not a legacy OSS region ID (for example, oss-cn-hangzhou).
-
Request example
PUT /?policy Content-Length: 230 Host: exampebucket-123***456.cn-hangzhou-internal.oss-vectors.aliyuncs.com Date: Thu, 17 Apr 2025 12:51:09 GMT Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e { "Version":"1", "Statement":[ { "Action":[ "oss:PutVectors", "oss:GetVectors" ], "Effect":"Deny", "Principal":["1234567890"], "Resource":["acs:ossvector:cn-hangzhou:1234567890:bucket/vector-example/*"] } ] } -
Response example
HTTP/1.1 200 OK content-length: 0 server: AliyunOSS x-oss-server-time: 87 connection: keep-alive x-oss-request-id: 5C6E9EBD5CC26B28EE41**** date: Thu, 21 Feb 2019 12:51:09 GMT
SDK
Call this operation with the following SDKs:
ossutil command-line tool
The corresponding ossutil command is put-bucket-policy.