# Policies

#### Overview

Bucket policies are used to control access to objects within a bucket. These policies define **who can access the bucket and what actions they are allowed to perform**.

Using the **Policy Setup Wizard**, administrators can configure access by selecting the bucket, assigning permissions, and defining the target users.

***

#### Prerequisites

Before creating a bucket policy, ensure that:

* A bucket is already created.
* You have access to the **Zata.ai Dashboard**.
* You have permission to manage bucket policies.

***

#### Procedure

**Step 1: Navigate to Access Policies**

1. Log in to the **Zata.ai Dashboard**.
2. Open the **Object Storage** section.
3. Click **Access Policies**.
4. Click **Create Policy**.

***

**Step 2: Select Bucket and Scope**

1. Select the **bucket name** from the dropdown list.

Example: `prertest`

2. Choose the **Access Scope**:

**Entire Bucket**

* Applies the policy to all objects within the bucket.

**Specific Folders**

* Applies the policy only to selected folders inside the bucket.

3. Click **Next** to continue.

<figure><img src="https://2683631041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPPVG4W649TwXN8OejRhb%2Fuploads%2Fit5QhrPTtFIYbmdWQlDm%2Fimage.png?alt=media&#x26;token=79d4eab9-bad1-46dd-b17c-26cfb369287b" alt=""><figcaption></figcaption></figure>

***

**Step 3: Select Grantee**

In this step, define **who will receive the permissions**.

Available options include:

* **Public (Anyone)** – Allows access to all users.
* **Authenticated Users** – Allows access only to logged-in users.
* **Specific Users or Roles** – Allows access only to selected identities.

Click **Next**.

<figure><img src="https://2683631041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPPVG4W649TwXN8OejRhb%2Fuploads%2FPptulyDBCHMFloUzwoqj%2Fimage.png?alt=media&#x26;token=b7a2d02f-2330-4dec-9773-dff2ad0da531" alt=""><figcaption></figcaption></figure>

***

**Step 4: Configure Permissions**

Permissions define **what actions users are allowed to perform**.

**A. Object Operations**

These permissions apply to files stored in the bucket.

Recommended configuration for **public read access**:

Enable:

* Download files

Disable:

* Upload files
* Add/Edit file tags
* Remove file tags
* Cancel uploads
* Restore archived files

<figure><img src="https://2683631041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPPVG4W649TwXN8OejRhb%2Fuploads%2FM7ALPFPjgCjgWOTCHOcx%2Fimage.png?alt=media&#x26;token=201805b7-b4b7-49f8-9dac-e7a4d40d51ea" alt=""><figcaption></figcaption></figure>

***

**B. Bucket Operations**

These permissions control bucket-level actions.

Optional:

* List files (allows users to view objects in the bucket)

Disable:

* List file versions
* View bucket tags
* View versioning status

Click **Next**.

<figure><img src="https://2683631041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPPVG4W649TwXN8OejRhb%2Fuploads%2FkQb9LptX48HGoYtwRI70%2Fimage.png?alt=media&#x26;token=d060f516-2a3f-40ae-98af-f934847f48d4" alt=""><figcaption></figcaption></figure>

***

**Step 5: Review and Create Policy**

The **Review** page displays a summary of the policy configuration.

Verify the following details:

* Bucket name
* Region
* Grantee
* Scope
* Selected permissions
* Policy effect (Allow or Deny)

Enter a **Policy Name** (optional but recommended).

Example: `public-read-policy`

Click **Create Policy**.

<figure><img src="https://2683631041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPPVG4W649TwXN8OejRhb%2Fuploads%2FrIUzQ9q7Cgo4oB58J2sK%2Fimage.png?alt=media&#x26;token=98471b70-94e7-48ba-8883-49e6396f3c97" alt=""><figcaption></figcaption></figure>

***

**Result**

After the policy is created, the defined permissions are applied to the selected bucket.

With this configuration:

* Users can **download objects**
* Users can **view files (optional)**
* Users **cannot upload, modify, or delete objects**

This ensures **secure read-only access** to bucket contents.

***

**Best Practices**

* Grant only the permissions that are required.
* Avoid enabling write or delete permissions for public access.
* Use **specific folder scope** if access should be limited to certain objects.
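
A check that a policy matches the read-only configuration recommended above, as an added example (not Zata.ai's own code). It assumes the policy is available as an S3-style JSON document and that the wizard's "Download files" and "List files" correspond to `s3:GetObject` and `s3:ListBucket`; the sample policies and the user `alice` are constructed.

```python
import json

# Assumption: the policy is available as an S3-style JSON document; the action
# names below are the S3 equivalents of "Download files" and "List files".
READ_ONLY = {"s3:getobject", "s3:listbucket"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True when the grantee is everyone: "*" or {"AWS": "*"}."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit_policy(policy_json):
    """List every way an Allow statement gives the public more than read access."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append(f"statement {i}: public Allow uses NotAction")
        for action in _as_list(stmt.get("Action", [])):
            # Exact match only: wildcards like "s3:*" or "s3:Put*" are flagged
            # because they can expand to write or delete actions.
            if action.lower() not in READ_ONLY:
                findings.append(f"statement {i}: public grantee allowed {action}")
    return findings

# Constructed sample policies for the page's example bucket "prertest".
RECOMMENDED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::prertest/*"}]})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:PutObject", "s3:Delete*"],
     "Resource": "arn:aws:s3:::prertest/*"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam:::user/alice"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::prertest/uploads/*"}]})

if __name__ == "__main__":
    for name, doc in (("recommended", RECOMMENDED), ("too broad", TOO_BROAD)):
        print(name, audit_policy(doc) or "OK: public access is read-only")
```

The write grant to the named user in the second sample is not reported, because only statements whose grantee is everyone are checked.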
