本文介绍如何设置、获取和删除指定存储空间(Bucket)的授权策略(Policy)。
背景信息
Bucket Policy是基于资源的授权策略。Bucket Policy常见的应用场景如下:
- 向其他账号的RAM用户授权访问。
您可以授予其他账号的RAM用户访问您的OSS资源的权限。
- 向匿名用户授予带特定IP条件限制的访问权限。
某些场景下,您需要向匿名用户授予带IP限制的访问策略。例如,企业内部的机密文档,只允许在企业内部访问,不允许在其他区域访问。由于企业内部人员较多,如果针对每个人配置RAM Policy,工作量非常大。此时,您可以基于Bucket Policy设置带IP限制的访问策略,从而高效方便地进行授权。
有关Bucket Policy的配置详情及场景案例,请参见使用Bucket Policy授权其他用户访问OSS资源。有关Policy语法,请参见权限策略语法和结构。
设置Bucket Policy
以下代码用于设置Bucket Policy:
using Aliyun.OSS;
using Aliyun.OSS.Common;
var endpoint = "<yourEndpoint>";
// 阿里云主账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM账号进行API访问或日常运维,请登录RAM控制台创建RAM账号。
String accessKeyId = "<yourAccessKeyId>";
var accessKeyId = "<yourAccessKeyId>";
var accessKeySecret = "<yourAccessKeySecret>";
var bucketName = "<yourBucketName>";
// 创建OSSClient实例。
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);
try
{
//设置Bucket Policy。
string policy = "{\"Version\":\"1\",\"Statement\":[{\"Action\":[\"oss:PutObject\",\"oss:GetObject\"],\"Resource\": \"acs:oss:*:*:*\",\"Effect\": \"Deny\"}]}\n";
var request = new SetBucketPolicyRequest(bucketName, policy);
client.SetBucketPolicy(request);
Console.WriteLine("Set bucket:{0} Policy succeeded ", bucketName);
}
catch (OssException ex)
{
Console.WriteLine("Failed with error code: {0}; Error info: {1}. \nRequestID:{2}\tHostID:{3}",
ex.ErrorCode, ex.Message, ex.RequestId, ex.HostId);
}
catch (Exception ex)
{
Console.WriteLine("Failed with error info: {0}", ex.Message);
}
有关设置Bucket Policy详情,请参见PutBucketPolicy。
获取Bucket Policy
以下代码用于获取Bucket Policy信息:
using Aliyun.OSS;
using Aliyun.OSS.Common;
var endpoint = "<yourEndpoint>";
var accessKeyId = "<yourAccessKeyId>";
var accessKeySecret = "<yourAccessKeySecret>";
var bucketName = "<yourBucketName>";
// 创建OssClient实例。
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);
try
{
// 获取Bucket Policy。
var result = client.GetBucketPolicy(bucketName);
Console.WriteLine("Get bucket:{0} Policy succeeded ", bucketName);
Console.WriteLine("Policy: {0}", result.Policy);
}
catch (OssException ex)
{
Console.WriteLine("Failed with error code: {0}; Error info: {1}. \nRequestID:{2}\tHostID:{3}",
ex.ErrorCode, ex.Message, ex.RequestId, ex.HostId);
}
catch (Exception ex)
{
Console.WriteLine("Failed with error info: {0}", ex.Message);
}
有关获取Bucket Policy信息详情,请参见GetBucketPolicy。
删除Bucket Policy
以下代码用于删除Bucket Policy:
using Aliyun.OSS;
using Aliyun.OSS.Common;
var endpoint = "<yourEndpoint>";
var accessKeyId = "<yourAccessKeyId>";
var accessKeySecret = "<yourAccessKeySecret>";
var bucketName = "<yourBucketName>";
// 创建OSSClient实例。
var client = new OssClient(endpoint, accessKeyId, accessKeySecret);
try
{
// 删除Bucket Policy。
client.DeleteBucketPolicy(bucketName);
Console.WriteLine("Delete bucket:{0} Policy succeeded ", bucketName);
}
catch (OssException ex)
{
Console.WriteLine("Failed with error code: {0}; Error info: {1}. \nRequestID:{2}\tHostID:{3}",
ex.ErrorCode, ex.Message, ex.RequestId, ex.HostId);
}
catch (Exception ex)
{
Console.WriteLine("Failed with error info: {0}", ex.Message);
}
有关删除Bucket Policy详情,请参见DeleteBucketPolicy。
在文档使用中是否遇到以下问题
更多建议
匿名提交