All Products
Search
Document Center

Object Storage Service:PutBucketPolicy

Last Updated:Jun 03, 2026

PutBucketPolicy configures an authorization policy for a bucket or vector bucket.

Permissions

Alibaba Cloud accounts have full permissions by default. Resource Access Management (RAM) users and roles have no permissions by default. The account owner or an administrator must grant permissions through a RAM Policy or Bucket Policy.

API

Action

Description

PutBucketPolicy

oss:PutBucketPolicy

Sets the authorization policy for a specified bucket.

Request syntax

PUT /?policy
Host: Host
Date: GMT Date
Authorization: SignatureValue
Policy written in JSON

Request headers

DescribeRegions uses only common request headers. For more information, see Common request headers.

Response headers

The response contains only common response headers. For more information, see Common response headers.

Examples

Bucket example

  • Request example

    PUT /?policy
    Content-Length: 230
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Date: Thu, 17 Apr 2025 12:51:09 GMT
    Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e
    {
       "Version":"1",
       "Statement":[
       {
         "Action":[
           "oss:PutObject",
           "oss:GetObject"
        ],
        "Effect":"Deny",
        "Principal":["1234567890"],
        "Resource":["acs:oss:*:1234567890:*/*"]
       }
      ]
    }
  • Response example

    HTTP/1.1 200 OK
    content-length: 0
    server: AliyunOSS
    x-oss-server-time: 87
    connection: keep-alive
    x-oss-request-id: 5C6E9EBD5CC26B28EE41****
    date: Thu, 21 Feb 2019 12:51:09 GMT

Vector bucket example

For vector buckets, the Host header region must be a standard Alibaba Cloud region ID (for example, cn-hangzhou), not a legacy OSS region ID (for example, oss-cn-hangzhou).
  • Request example

    PUT /?policy
    Content-Length: 230
    Host: exampebucket-123***456.cn-hangzhou-internal.oss-vectors.aliyuncs.com
    Date: Thu, 17 Apr 2025 12:51:09 GMT
    Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e
    {
       "Version":"1",
       "Statement":[
           {
             "Action":[
               "oss:PutVectors",
               "oss:GetVectors"
            ],
            "Effect":"Deny",
            "Principal":["1234567890"],
            "Resource":["acs:ossvector:cn-hangzhou:1234567890:bucket/vector-example/*"]
           }
        ]
     }
  • Response example

    HTTP/1.1 200 OK
    content-length: 0
    server: AliyunOSS
    x-oss-server-time: 87
    connection: keep-alive
    x-oss-request-id: 5C6E9EBD5CC26B28EE41****
    date: Thu, 21 Feb 2019 12:51:09 GMT

SDK

Call this operation with the following SDKs:

ossutil command-line tool

The corresponding ossutil command is put-bucket-policy.