This article lists common IAM policies that you can select and use directly.
All permissions on test

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "tos:*" ],
      "Resource": [ "trn:tos:::test", "trn:tos:::test/*" ]
    }
  ]
}

Read-only permissions on test

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "tos:Get*" ],
      "Resource": [ "trn:tos:::test", "trn:tos:::test/*" ]
    }
  ]
}

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "tos:CreateBucket" ],
      "Resource": [ "trn:tos:::*" ]
    }
  ]
}

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "tos:ListBuckets" ],
      "Resource": [ "trn:tos:::*" ]
    }
  ]
}

Permissions on objects in the abc directory and its subdirectories in test

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "tos:ListBucket" ],
      "Resource": [ "trn:tos:::test" ],
      "Condition": {
        "StringLike": {
          "tos:prefix": [ "abc/*" ]
        }
      }
    }
  ]
}
Note
If the policies granted to a user contain both Allow and Deny for the same authorization item, Deny takes precedence.
Permission to upload objects to test

{
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [ "tos:PutObject" ],
      "Resource": [ "trn:tos:::test/*" ]
    }
  ]
}

Permissions on test

{
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [ "tos:DeleteBucket" ],
      "Resource": [ "trn:tos:::test" ]
    }
  ]
}

Permissions on objects with the prefix abc in test

{
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [ "tos:DeleteObject" ],
      "Resource": [ "trn:tos:::test/abc*" ]
    }
  ]
}
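The Deny-priority rule from the note, applied to two policies from this page. This is an added example, not code from the TOS documentation or service: a simplified local model that handles only the `*` wildcard, ignores `Condition` blocks, and assumes a request matched by no statement is refused (`ImplicitDeny`). The function names are hypothetical.

```python
import json
import re

# Two policies copied from this page: full access to bucket "test",
# and a Deny on deleting objects whose key starts with "abc".
ALLOW_ALL = json.loads("""{"Statement": [{"Effect": "Allow", "Action": ["tos:*"],
  "Resource": ["trn:tos:::test", "trn:tos:::test/*"]}]}""")
DENY_DELETE_ABC = json.loads("""{"Statement": [{"Effect": "Deny",
  "Action": ["tos:DeleteObject"], "Resource": ["trn:tos:::test/abc*"]}]}""")


def _match(pattern, value):
    # Only the "*" wildcard seen in the page's policies is modelled.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def _applies(statement, action, resource):
    return (any(_match(a, action) for a in statement["Action"])
            and any(_match(r, resource) for r in statement["Resource"]))


def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # assumption: no matching statement means no access
    for policy in policies:
        for statement in policy["Statement"]:
            if not _applies(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "Deny"  # an explicit Deny wins over any Allow
            decision = "Allow"
    return decision


if __name__ == "__main__":
    attached = [ALLOW_ALL, DENY_DELETE_ABC]
    # Constructed sample requests (object keys are made up for illustration).
    for action, resource in [
        ("tos:DeleteObject", "trn:tos:::test/abc/report.txt"),
        ("tos:DeleteObject", "trn:tos:::test/abcdef"),
        ("tos:DeleteObject", "trn:tos:::test/xyz.txt"),
        ("tos:GetObject", "trn:tos:::test/abc/report.txt"),
    ]:
        print(action, resource, "->", evaluate(attached, action, resource))
```

The second sample request shows that the resource `test/abc*` also covers a key such as `abcdef`, unlike the `abc/*` prefix used in the listing policy, which covers only keys under `abc/`.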