> For the complete documentation index, see [llms.txt](https://docs.zata.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.zata.ai/subusers/create-a-subuser/policies.md).

# Policies

#### Overview

Bucket policies are used to control access to objects within a bucket. These policies define **who can access the bucket and what actions they are allowed to perform**.

Using the **Policy Setup Wizard**, administrators can configure access by selecting the bucket, assigning permissions, and defining the target users.

***

#### Prerequisites

Before creating a bucket policy, ensure that:

* A bucket is already created.
* You have access to the **Zata.ai Dashboard**.
* You have permission to manage bucket policies.

***

#### Procedure

**Step 1: Navigate to Access Policies**

1. Log in to the **Zata.ai Dashboard**.
2. Open the **Object Storage** section.
3. Click **Access Policies**.
4. Click **Create Policy**.

***

**Step 2: Select Bucket and Scope**

1. Select the **bucket name** from the dropdown list.

Example:`prertest`

2. Choose the **Access Scope**:

**Entire Bucket**

* Applies the policy to all objects within the bucket.

**Specific Folders**

* Applies the policy only to selected folders inside the bucket.

3. Click **Next** to continue.

<figure><img src="/files/83Nvqf34MeupFxLP3CTh" alt=""><figcaption></figcaption></figure>

***

**Step 3: Select Grantee**

In this step, define **who will receive the permissions**.

Select the Available options include:

* **Public (Anyone)** – Allows access to all users.
* **Authenticated Users** – Allows access only to logged-in users.
* **Specific Users or Roles** – Allows access only to selected identities.

Click **Next**.

<figure><img src="/files/t0bZi9EDWJujejJQREw9" alt=""><figcaption></figcaption></figure>

***

**Step 4: Configure Permissions**

Permissions define **what actions users are allowed to perform**.

**A. Object Operations**

These permissions apply to files stored in the bucket.

Recommended configuration for **public read access**:

Enable: Download files

Disable:

Upload files\
Add/Edit file tags\
Remove file tags\
Cancel uploads\
Restore archived files<br>

<figure><img src="/files/loPiSWaUfWyzhCogEI2V" alt=""><figcaption></figcaption></figure>

***

#### Bucket Operations

These permissions control bucket-level actions.

Optional: List files (allows users to view objects in the bucket)

Disable:

List file versions\
View bucket tags\
View versioning status

Click **Next**.

<figure><img src="/files/O0BxIzrv4AYmuDnhzLAg" alt=""><figcaption></figcaption></figure>

***

**Step 5: Review and Create Policy**

The **Review** page displays a summary of the policy configuration.

Verify the following details:

* Bucket name
* Region
* Grantee
* Scope
* Selected permissions
* Policy effect (Allow or Deny)

Enter a **Policy Name** (optional but recommended).

Example: `public-read-policy`

Click **Create Policy**.

<figure><img src="/files/ZemKf8TNlQHPXWBcTfzM" alt=""><figcaption></figcaption></figure>

***

**Result**

After the policy is created, the defined permissions are applied to the selected bucket.

With this configuration:

* Users can **download objects**
* Users can **view files (optional)**
* Users **cannot upload, modify, or delete objects**

This ensures **secure read-only access** to bucket contents.

***

**Best Practices**

* Grant only the permissions that are required.
* Avoid enabling write or delete permissions for public access.
* Use **specific folder scope** if access should be limited to certain objects.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.zata.ai/subusers/create-a-subuser/policies.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.