Skip to main content
Change access policy

Change access policy

When you change the policy, you can add new rules, modify or delete existing rules. You can add and remove conditions in rules.

Change the rule

When editing rules, you can change all settings, as well as add, modify, and delete conditions.

  1. In the Control Panel, on the top menu, click Products and select Object Storage.

  2. Go to the Containers section.

  3. Open the container page → Access Policy tab.

  4. Click Edit.

  5. Open the rule card.

  6. Change the name of the rule.

  7. In the Access field, select the type of rule.

  8. Specify Principal: Select which users the rule will apply to:

    • all — on users with any role and unauthorized users who accessed the container;
    • authorized — for individual users of the project.

  9. If you selected access for authorized users, add users from the list.

  10. Select the set of actions that apply in the rule:

  • reader — a set of rights to view the container and objects in it;
  • editor — a set of rights to edit the container and objects in it;
  • arbitrary — an empty set to which you can add any actions;
  • everything is a set of all actions.

  1. If you chose the Arbitrary set, add actions to it.

  2. Optional: if you have selected a different set, add new actions or delete pre-filled ones if necessary. When editing a set, its type will change to Arbitrary.

  3. Specify the resources of the container to which the rule will apply. You cannot specify resources of another container:

    • all container objects: <container_name>/*
    • objects with a specific prefix: <container_name>/<prefix>/*
    • object: <container_name>/<prefix>/<object_name>

  4. Optional: To add a condition that determines when the rule will work, click Add Condition. You can add any number of conditions. For a condition, specify:

    • key — parameter to which the condition will be applied;
    • operator — checks if the value from the query matches the value of the key;
    • value — value of the key, you can add multiple values;
    • optional: checkbox Apply if the field exists (equivalent to the IfExists operator ). If the checkbox is checked the field with this key exists, the condition will be applied. If the field does not exist, it will be created with the specified value.

  5. Click Save.

Delete rule

  1. In the Control Panel, on the top menu, click Products and select Object Storage.
  2. Go to the Containers section.
  3. Open the container page → Access Policy tab.
  4. Click Edit.
  5. In the menu of the rule, click Delete RuleDelete.