Administering Bucket Policies
Describes how to manage the bucket policy associated with a bucket.
A bucket policy specifies domain users and the operations they can perform on buckets. Bucket policies override the default bucket policy inherited from the account.
TIP
A bucket policy is an access control mechanism applied to objects stored on an S3 object store associated with Data Fabric, while a security policy is an access control mechanism for data stored on Data Fabric volumes. Typically, a fabric manager applies policies; however, given the proper permissions, domain and IAM users can also apply policies.
A bucket policy comprises the following elements:
- Effect: Allow or deny permission on a resource.
- Principal: The user or group that is allowed or denied resource access.
- Action: The operation on the resource that is allowed or denied.
- Resource: The bucket resource(s) on which the action is allowed or denied.
You can create bucket policies by using the Data Fabric UI. There are two methods:
- Create or upload JSON from a file. See Creating a Bucket Policy using JSON.
- Use the policy generator to construct a JSON. See Creating a Bucket Policy using Policy Generator.
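A pre-upload check for a policy JSON file, as an added example that is not part of the Data Fabric documentation: it verifies that every statement carries the four elements listed above and flags Allow statements with a wildcard Principal or Action. The AWS-style layout (`Version`, `Statement`), the ARN strings, and the user and bucket names are assumptions made for the sample, not values from this page.

```python
import json

REQUIRED = ("Effect", "Principal", "Action", "Resource")

# Constructed sample; the AWS-style layout and all ARNs/names are assumptions.
SAMPLE_POLICY = """
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam:::user/example-user"]},
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::example-bucket/*"]},
   {"Effect": "Allow",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-bucket/*"]},
   {"Effect": "Permit",
    "Action": ["s3:PutObject"],
    "Resource": ["arn:aws:s3:::example-bucket/*"]}
 ]}
"""

def _as_list(value):
    """Flatten a string, list, or {"AWS": [...]} mapping into a flat list."""
    if isinstance(value, dict):
        return [v for vals in value.values() for v in _as_list(vals)]
    return value if isinstance(value, list) else [value]

def lint_policy(text):
    """Return (statement_index, message) findings for a policy document."""
    findings = []
    for i, stmt in enumerate(json.loads(text).get("Statement", [])):
        for key in REQUIRED:
            if key not in stmt:
                findings.append((i, f"missing {key}"))
        effect = stmt.get("Effect")
        if effect is not None and effect not in ("Allow", "Deny"):
            findings.append((i, f"invalid Effect {effect!r}"))
        if effect == "Allow":
            # An Allow that names everyone or every operation is over-broad.
            if "*" in _as_list(stmt.get("Principal", [])):
                findings.append((i, "Allow with wildcard Principal"))
            if any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
                findings.append((i, "Allow with wildcard Action"))
    return findings

if __name__ == "__main__":
    for index, message in lint_policy(SAMPLE_POLICY):
        print(f"statement {index}: {message}")
```
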