search
LoginSignup

Policies

Bucket Policies

Bucket policies are used to control access to objects within a bucket. These policies are attached directly to a bucket and define who can access the data and what operations they are allowed to perform.

Uses of Bucket Policies:

  • Enforce access control at the bucket level

  • Support multi-tenant object storage

  • Define permissions without changing individual object ACLs

  • Simplify management for public or shared content

hashtag
To Apply Policies in the Zata.ai Bucket

  1. Navigate to the Zata.ai dashboard.

  2. Click on the Policies section.

  3. Click on Create Policy.

hashtag
Enter Policy Metadata

  • Policy Name: Enter a unique name to identify the policy. Example: public-read-policy

  • Description: Briefly describe what the policy does. Example: Grants public read access to all objects

Configure Policy Rule

Configure Permissions (Visual Builder)

  • Enable Read Objects to allow users to view and download objects from the bucket.

  • Keep Write Objects disabled to prevent uploading or modifying any data.

  • Keep Delete Objects disabled to protect objects from being removed.

  • Keep List Objects disabled. Enable it only if users need to view the list of objects inside the bucket.

This configuration ensures that the bucket remains read-only while maintaining data security.

circle-info

All permissions selected in the Visual Builder are automatically converted into a JSON policy document in the backend. This JSON represents the final access rules that are applied to the bucket.

Now click on the Generate Policy Document

Configure Bucket Scope

  • Select Specific buckets to apply the policy only to selected buckets.

  • In Bucket names, enter the bucket name where the policy should be applied. Example: prertest

  • Multiple bucket names can be added on new lines or separated by commas.

  • Object key prefix (optional) is used to limit access to a specific folder inside the bucket. Example: uploads/*

  • Leave the prefix empty to apply the policy to the entire bucket.

This helps in controlling whether the policy applies to the full bucket or only to specific objects within it.

  • Review the Policy Preview section on the right side to verify the generated configuration.

  • Click on Save Policy to generate the policy.

PreviousCreate a SubuserNextCreate a new access key and secret key for the specific subuser.

Last updated