Administering Bucket Policies

Describes how to manage the bucket policy associated with a bucket.

A bucket policy specifies domain users and the operations they can perform on buckets. Bucket policies override the default bucket policy inherited from the account.

TIP
A bucket policy is an access control mechanism applied to objects stored on an S3 object store associated with Data Fabric, while a security policy is an access control mechanism for data stored on Data Fabric volumes.

Typically, a fabric manager applies policies; however, given the proper permissions, domain and IAM users can also apply policies.

A bucket policy comprises the following elements:

  • Effect: Allow or deny permission on a resource.
  • Principal: The user or group that is allowed or denied resource access.
  • Action: The operation on the resource that is allowed or denied.
  • Resource: The bucket resource(s) on which the action is allowed or denied.
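
The following is an added example, not taken from the Data Fabric documentation: a Python check that every statement in a policy document carries the four elements above, and that flags Allow statements with a wildcard principal or action. It assumes the policy is written in AWS-style S3 JSON policy syntax (a `Statement` list), which this page does not show; the bucket name and principal identifier are constructed placeholders.

```python
import json

REQUIRED = ("Effect", "Principal", "Action", "Resource")

# Constructed sample policy (assumed AWS-style syntax; names are placeholders).
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": ["arn:aws:iam:::user/analyst1"]},
   "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-bucket/*"]},
  {"Effect": "Allow", "Principal": "*",
   "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Effect": "Permit", "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::example-bucket/*"}
]}
""")

def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principals(value):
    # Principal is either a bare string such as "*" or a mapping like {"AWS": [...]}.
    if isinstance(value, dict):
        return [p for v in value.values() for p in _as_list(v)]
    return _as_list(value)

def audit_policy(policy):
    """Return (statement_index, finding) tuples for a parsed policy document."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        for key in REQUIRED:
            if key not in stmt:
                findings.append((i, f"missing {key}"))
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append((i, f"invalid Effect {effect!r}"))
        if effect == "Allow":
            if "*" in _principals(stmt.get("Principal")):
                findings.append((i, "Allow applies to any principal"))
            if any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action"))):
                findings.append((i, "Allow grants every action"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit_policy(SAMPLE_POLICY):
        print(f"statement {idx}: {msg}")
```

Running the check on a policy before applying it to a bucket shows which statements are malformed and which grant broader access than intended.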

You can create bucket policies by using the Data Fabric UI. There are two methods: