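This topic describes how to set, get, and delete the authorization policy (bucket policy) of a specified bucket.

Background information

A bucket policy is a resource-based authorization policy. Common scenarios for bucket policies are as follows:

  • Authorize RAM users of other accounts to access your resources.

    You can grant RAM users of other accounts permission to access your OSS resources.

  • Grant anonymous users access that is restricted by specific IP address conditions.

    In some scenarios, you need to grant anonymous users access under a policy that carries an IP address restriction. For example, confidential internal documents of an enterprise may be accessed only from inside the enterprise and not from anywhere else. Because an enterprise has many employees, configuring a RAM policy for each person is a very large amount of work. In this case, you can set an IP-restricted access policy based on a bucket policy to grant the permissions efficiently and conveniently.

For bucket policy configuration details and example scenarios, see "Use bucket policies to authorize other users to access OSS resources". For the policy syntax, see "Policy syntax and structure".

Set a bucket policy

The following code sets a bucket policy: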

#include <iostream>
#include <string>
#include <alibabacloud/oss/OssClient.h>
using namespace AlibabaCloud::OSS;

int main(void)
{
    /* Initialize the OSS account information. These are placeholders:
       load real credentials from the environment or a secret store. */
    std::string AccessKeyId = "yourAccessKeyId";
    std::string AccessKeySecret = "yourAccessKeySecret";
    std::string Endpoint = "yourEndpoint";
    std::string BucketName = "yourBucketName";

    /* Initialize network and other resources */
    InitializeSdk();

    ClientConfiguration conf;
    OssClient client(Endpoint, AccessKeyId, AccessKeySecret, conf);

    /* Set the bucket policy. For example, allow objects with the prefix user1/
       in this bucket to be listed or downloaded. */
    std::string policy =
        R"(
        {
            "Statement": [
                {
                    "Action": [
                        "oss:GetObject",
                        "oss:ListObjects"
                    ],
                    "Effect": "Allow",
                    "Resource": ["acs:oss:*:*:*/user1/*"]
                }
            ],
            "Version": "1"
        }
        )";
    SetBucketPolicyRequest request(BucketName);
    request.setPolicy(policy);
    auto outcome = client.SetBucketPolicy(request);

    if (!outcome.isSuccess()) {
        /* Handle the error */
        std::cout << "Set Bucket Policy fail" <<
            ",code:" << outcome.error().Code() <<
            ",message:" << outcome.error().Message() <<
            ",requestId:" << outcome.error().RequestId() << std::endl;
        ShutdownSdk();
        return -1;
    }

    /* Release network and other resources */
    ShutdownSdk();
    return 0;
}

For details about setting a bucket policy, see PutBucketPolicy.
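The IP-restricted anonymous access scenario from the background section can be expressed as a policy string for request.setPolicy(). The following is an added example, not code from the original page or from the OSS SDK: the helper names isValidCidr, isSafeName and buildIpRestrictedPolicy, the bucket name, the prefix and the CIDR ranges are all assumptions made for illustration, and the statement uses the Principal and IpAddress / acs:SourceIp elements of the OSS policy syntax. It refuses to emit an anonymous Allow statement unless every source range is a well-formed CIDR narrower than /0.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// True only for a well-formed IPv4 CIDR; /0 is rejected because it matches every address.
bool isValidCidr(const std::string& cidr) {
    int fields = 0, digits = 0; unsigned value = 0;
    for (std::size_t i = 0; i <= cidr.size(); ++i) {
        const char ch = i < cidr.size() ? cidr[i] : '\0';
        if (ch >= '0' && ch <= '9') {
            value = value * 10 + static_cast<unsigned>(ch - '0');
            if (++digits > 3) return false;
            continue;
        }
        if (digits == 0) return false;  // separator with no number before it
        const bool ok = (fields < 3 && ch == '.') || (fields == 3 && ch == '/') ||
                        (fields == 4 && ch == '\0');
        if (!ok) return false;
        if (fields < 4 ? value > 255 : (value < 1 || value > 32)) return false;
        ++fields; digits = 0; value = 0;
    }
    return fields == 5;
}

// Conservative allow-list (an assumption of this example): no quotes, backslashes or wildcards.
bool isSafeName(const std::string& s) {
    return !s.empty() && s.find_first_not_of("abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./") == std::string::npos;
}

// Builds an anonymous, read-only policy that applies only to requests from the given CIDRs.
std::string buildIpRestrictedPolicy(const std::string& bucket, const std::string& prefix,
                                    const std::vector<std::string>& cidrs) {
    if (!isSafeName(bucket) || !isSafeName(prefix)) throw std::invalid_argument("unsafe bucket or prefix");
    if (cidrs.empty()) throw std::invalid_argument("anonymous Allow needs an IP condition");
    std::string ips;
    for (const auto& cidr : cidrs) {
        if (!isValidCidr(cidr)) throw std::invalid_argument("bad or over-broad CIDR: " + cidr);
        ips += (ips.empty() ? "\"" : ",\"") + cidr + "\"";
    }
    return R"({"Version":"1","Statement":[{"Effect":"Allow","Principal":["*"],)"
           R"("Action":["oss:GetObject"],"Resource":["acs:oss:*:*:)" + bucket + "/" + prefix +
           R"(*"],"Condition":{"IpAddress":{"acs:SourceIp":[)" + ips + "]}}}]}";
}

int main() {  // constructed sample values: placeholder bucket, prefix and RFC 1918 ranges
    std::cout << buildIpRestrictedPolicy("example-bucket", "confidential/", {"10.0.0.0/8", "192.168.1.0/24"}) << "\n";
}
```

The returned string can be passed to request.setPolicy() in the code above; reading the policy back with GetBucketPolicy confirms what was stored.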

Get a bucket policy

The following code gets the bucket policy:

#include <iostream>
#include <string>
#include <alibabacloud/oss/OssClient.h>
using namespace AlibabaCloud::OSS;

int main(void)
{
    /* Initialize the OSS account information. These are placeholders:
       load real credentials from the environment or a secret store. */
    std::string AccessKeyId = "yourAccessKeyId";
    std::string AccessKeySecret = "yourAccessKeySecret";
    std::string Endpoint = "yourEndpoint";
    std::string BucketName = "yourBucketName";

    /* Initialize network and other resources */
    InitializeSdk();

    ClientConfiguration conf;
    OssClient client(Endpoint, AccessKeyId, AccessKeySecret, conf);

    /* Get the bucket policy */
    GetBucketPolicyRequest request(BucketName);
    auto outcome = client.GetBucketPolicy(request);

    if (!outcome.isSuccess()) {
        /* Handle the error */
        std::cout << "Get Bucket Policy fail" <<
            ",code:" << outcome.error().Code() <<
            ",message:" << outcome.error().Message() <<
            ",requestId:" << outcome.error().RequestId() << std::endl;
        ShutdownSdk();
        return -1;
    }

    /* Print the policy */
    std::cout << outcome.result().Policy() << std::endl;

    /* Release network and other resources */
    ShutdownSdk();
    return 0;
}

For details about getting a bucket policy, see GetBucketPolicy.

Delete a bucket policy

The following code deletes the bucket policy:

#include <iostream>
#include <string>
#include <alibabacloud/oss/OssClient.h>
using namespace AlibabaCloud::OSS;

int main(void)
{
    /* Initialize the OSS account information. These are placeholders:
       load real credentials from the environment or a secret store. */
    std::string AccessKeyId = "yourAccessKeyId";
    std::string AccessKeySecret = "yourAccessKeySecret";
    std::string Endpoint = "yourEndpoint";
    std::string BucketName = "yourBucketName";

    /* Initialize network and other resources */
    InitializeSdk();

    ClientConfiguration conf;
    OssClient client(Endpoint, AccessKeyId, AccessKeySecret, conf);

    /* Delete the bucket policy */
    DeleteBucketPolicyRequest request(BucketName);
    auto outcome = client.DeleteBucketPolicy(request);

    if (!outcome.isSuccess()) {
        /* Handle the error */
        std::cout << "Delete Bucket Policy fail" <<
            ",code:" << outcome.error().Code() <<
            ",message:" << outcome.error().Message() <<
            ",requestId:" << outcome.error().RequestId() << std::endl;
        ShutdownSdk();
        return -1;
    }

    /* Release network and other resources */
    ShutdownSdk();
    return 0;
}

For details about deleting a bucket policy, see DeleteBucketPolicy.