{
"Version":"2012-10-17",
"Id":"*",
"Statement":[
{
"Sid":"*",
"Effect":"Allow",
"Principal":{ "CTYUN": "arn:ctyun:iam::32fefj64y54gc:user/test1" },
"Action":"oos:*",
"Resource":"arn:ctyun:oos:::example-bucket/*",
"Condition":{
"StringLike":{
"ctyun:Referer":[
"http://www.mysite.com/*",
"http://mysite.com/*"
]
}
}
}
]
}
{
"Version": "2012-10-17",
"Id": "PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": {
"CTYUN": "arn:ctyun:iam::32fefj64y54gc:user/test2"
},
"Action": "oos:GetObject",
"Resource": "arn:ctyun:oos:::example-bucket/*",
"Condition" : {
"IpAddress" : {
"ctyun:SourceIp": "192.168.143.0/24"
},
"NotIpAddress" : {
"ctyun:SourceIp": "192.168.143.188/32"
}
}
}
]
}
- 下面的例子可向匿名用户授予公共读权限
下面的示例策略向任何公用匿名用户授予oos:GetObject权限。此权限允许任何人读取文件数据,当用户将Bucket配置为网站并且希望每个人都能读取存储桶中的文件时,此配置十分有用。可以将bucket设置为私有,然后配置以下Bucket策略。
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal":{ "CTYUN": ["*"] },
"Action":["oos:GetObject"],
"Resource":["arn:ctyun:oos:::examplebucket/*"]
}
]
}