Object Storage Service:Custom policies for OSS

What is a custom policy?

Resource Access Management (RAM) policies are classified into system policies and custom policies. You can create, update, and delete custom policies. You need to manage the versions of custom policies.

• After you create a custom policy, you need to attach the policy to intended RAM users, user groups, or RAM roles to grant them the permissions defined in the policy.

• You can delete a RAM policy that is not attached to a principal. If the RAM policy is attached to a principal, you must detach the RAM policy from the principal before you can delete the RAM policy.

• Custom policies can be versioned. You can manage the versions of your custom policies in accordance with the defined RAM version management rules.

References

• Create custom policies

• Modify the document and description of a custom policy

• Delete a custom policy

• Manage policy references

• Manage custom policy versions

Common scenarios and examples of custom policies

• Example 1: Authorize a RAM user to completely control a bucket

• Example 2: Prohibit a RAM user from deleting multiple objects in a bucket

• Example 3: Authorize a RAM user to list and read objects in a bucket

• Example 4: Prohibit a RAM user from deleting a bucket

• Example 5: Authorize a RAM user to access multiple directories in a bucket

• Example 6: Prohibit a RAM user from deleting an object in a bucket

• Example 7: Prohibit a RAM user from accessing objects with specific tags

• Example 8: Authorize a RAM user to access OSS from specific IP addresses

• Example 9: Use RAM or STS to authorize users to access OSS resources

• Example 10: Use RAM policies to deny uploads of objects whose access control list (ACL) is public-read or public-read-write

• Example 11: Authorize a RAM user to use Intelligent Media Management (IMM) features

• Example 12: Authorize a RAM user to change the storage redundancy type

• Example 13: Authorize a RAM user to place an order for an OSS resource plan

• Example 14: Authorize a RAM user to activate OSS

RAM authorization

To use custom policies for access control, you need to understand your access control requirements in your business scenarios and OSS authorization information. For more information, see RAM policies.