Policies

Bucket policies are used to control access to objects within a bucket. These policies are attached directly to a bucket, and define who can access the data and what operations they are allowed to perform.

Use Bucket Policies

• Enforce access control at the bucket level.

• Support multi-tenant object storage

• Define permissions without changing object ACLs

• Simplify management for public or shared content.

To Apply Policies in the zata.ai Bucket

Navigate to the zata.ai dashboard click on the policies section and click on Generate policy.

Enter Policy Metadata

• Policy Name: A unique name to identify this policy (e.g., public-read-policy)

• Description: Briefly describe what this policy does (e.g., "Grants public read access to all objects")

Configure Policy Rule

Under Policy Rule 1, configure the following fields:

• Permission Type: Choose Allow or Deny (e.g., Allow read access or Deny delete actions)

• Policy Type: Select S3 (default for object storage)

• Select Users: Choose the subusers (Users) to whom this policy will apply (Example: user1, analytics-team)

• Actions: Select S3-compatible actions such as:

  • s3:GetObject — Read/download object

  • s3:PutObject — Upload object

  • s3:DeleteObject — Delete object

  • You may select multiple actions

• Resource Name: Define the bucket or objects this policy applies to using ARN format:

Now click on the Generate Policy Document

After clicking on the 'Generate Policy Document' button, the system will display the corresponding JSON policy.

Apply the Policy

• Copy: Copies the JSON to clipboard for manual use

• Save: Downloads the policy as a .json file

• Attach Policy: Applies the policy directly to the selected bucket via the Zata.ai backend

Now select the bucket and click on the Attach