Create an access policy

You can create a single access policy for a container. If a policy is created, anything not allowed by the policy rules is denied.

Create an access policy

  1. In the Control Panel, go to Object Storage → Containers.
  2. Open the container page.
  3. Open the Access Policy tab.
  4. Click Create Access Policy.
  5. Add rules.
  6. Click Save.

Add rule

  1. In the Control Panel, go to Object Storage → Containers.

  2. Open the container page → Access Policy tab.

  3. Click Edit → Add Rule.

  4. Enter the name of the rule.

  5. In the Access field, select the type of rule.

  6. Specify the Principal: select which users the rule will apply to:

    • all — users with any role, as well as unauthorized users who access the container;
    • authorized — individual users of the project.
  7. If you selected access for authorized users, add users from the list.

  8. Select the set of actions that apply in the rule:

    • reader — a set of rights to view the container and objects in it;
    • editor — a set of rights to edit the container and objects in it;
    • arbitrary — an empty set to which you can add any actions;
    • everything — a set of all actions.
  9. If you chose the Arbitrary set, add actions to it.

  10. Optional: if you have selected a different set, add new actions or delete pre-filled ones if necessary. When editing a set, its type will change to Arbitrary.

  11. Specify the resources of the container to which the rule will apply. You cannot specify resources of another container:

    • all container objects: <container_name>/*
    • objects with a specific prefix: <container_name>/<prefix>/*
    • object: <container_name>/<prefix>/<object_name>
  12. Optional: To add a condition that determines when the rule will work, click Add Condition. You can add any number of conditions. For a condition, specify:

    • key — parameter to which the condition will be applied;
    • operator — checks if the value from the query matches the value of the key;
    • value — value of the key, you can add multiple values;
    • optional: the Apply if the field exists checkbox (equivalent to the IfExists operator). If the checkbox is checked and a field with this key exists, the condition will be applied. If the field does not exist, it will be created with the specified value.
  13. Click Save.
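
Before saving, it helps to review each rule for the combinations that matter most: a principal of all paired with a modifying action set, and resources that do not belong to the container. The sketch below is an added example, not the service's own code or policy format; the `Rule` model, the "allow"/"deny" values for the Access field, and the container name `site-assets` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical model of the form fields described above (not the service's
# own policy format). "allow"/"deny" as Access values are an assumption.
@dataclass
class Rule:
    name: str
    access: str                      # assumed: "allow" or "deny"
    principal: str                   # "all" or "authorized"
    action_set: str                  # reader / editor / arbitrary / everything
    resources: list
    users: list = field(default_factory=list)
    conditions: list = field(default_factory=list)

MODIFYING_SETS = {"editor", "everything"}  # sets that include edit rights

def review_rule(rule, container):
    """Return a list of findings for one rule; an empty list means no finding."""
    findings = []
    prefix = container + "/"
    for res in rule.resources:
        # Valid forms: <container>/*, <container>/<prefix>/*, or an object path.
        if not res.startswith(prefix) or len(res) == len(prefix):
            findings.append(f"{rule.name}: resource {res!r} is not inside {container!r}")
    if rule.principal == "authorized" and not rule.users:
        findings.append(f"{rule.name}: principal is 'authorized' but no users are listed")
    if rule.access == "allow" and rule.principal == "all":
        # 'all' includes unauthorized users, so this rule is effectively public.
        if rule.action_set in MODIFYING_SETS:
            findings.append(f"{rule.name}: public rule grants the {rule.action_set!r} set")
        elif rule.action_set == "arbitrary":
            findings.append(f"{rule.name}: public rule with custom actions, review each one")
        if prefix + "*" in rule.resources and not rule.conditions:
            findings.append(f"{rule.name}: public rule covers every object with no condition")
    return findings

def review_policy(rules, container):
    return [f for r in rules for f in review_rule(r, container)]

# Constructed sample rules for a container named "site-assets".
SAMPLE = [
    Rule("public-read-img", "allow", "all", "reader", ["site-assets/img/*"]),
    Rule("public-edit", "allow", "all", "editor", ["site-assets/*"]),
    Rule("ci-upload", "allow", "authorized", "editor", ["other-bucket/build/*"]),
]

if __name__ == "__main__":
    for finding in review_policy(SAMPLE, "site-assets"):
        print(finding)
```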