Skip to main content
Create a container access policy
Last update:

Create a container access policy

You can create a single access policy for a container. If a policy is created, anything that is not allowed by the policy rules is prohibited.

Create an access policy

  1. In Control Panel, go to Object StorageContainers.
  2. Open the container page.
  3. Open the Access Policy tab.
  4. Click Create Access Policy.
  5. Add rules.
  6. Click Save.

Add rule

  1. In Control Panel, go to Object StorageContainers.

  2. Open the container page → Access Policy tab.

  3. Click EditAdd Rule.

  4. Enter the name of the rule.

  5. In the Access field, select the type of rule.

  6. Specify Principal: Select which users the rule will apply to:

    • all — on users with any role and unauthorized users who accessed the container;
    • authorized — for individual users of the project.

  7. If you selected access for authorized users, add users from the list.

  8. Select the set of actions that apply in the rule:

    • reader — a set of rights to view the container and objects in it;
    • editor — a set of rights to edit the container and objects in it;
    • arbitrary — an empty set to which you can add any actions;
    • all — set of all actions.

  9. If you chose the Random set, add actions to it.

  10. Optional: if you have selected a different set, add new actions or delete pre-filled ones if necessary. When editing a set, its type will change to Random.

  11. Specify the container resources to which the rule will apply. You cannot specify the resources of another container:

    • all container objects: <container_name>/*
    • objects with a certain prefix: <container_name>/<prefix>/*
    • object: <container_name>/<prefix>/<object_name>

  12. Optional: to add a condition that will define in which cases the rule will work, click Add Condition. Any number of conditions can be added. For the condition, specify:

    • key — The parameter to which the condition will be applied;
    • operator — checks if the value from the request matches the value of the key;
    • value — value of the key, you can add multiple values;
    • optional: checkbox Apply if the field exists (equivalent to the IfExists operator). If the checkbox is checked and a field with this key exists, the condition will be applied. If the field does not exist, it will be created with the specified value.

  13. Click Save.