ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver object-store-server bucket policy statement modify

    Modify a bucket policy statement

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver object-store-server bucket policy statement modify command modifies a bucket policy statement.

    Parameters

    -vserver <Vserver Name> - Vserver Name

    This parameter specifies the name of the Vserver for the object store server bucket for which the bucket policy statement needs to be modified.

    -bucket <TextNoCase> - Object Store Server Bucket Name

    This parameter specifies the name of the object store server bucket for which policy statement needs to be modified.

    -index <integer> - Statement Index

    This parameter specifies the index of the object store server bucket policy statement.

    [-effect {deny|allow}] - Allow or Deny Access

    Use this parameter to specify whether access is allowed or denied when a user requests the specific action.

    [-action <Action>,…​] - Bucket Policy Action Allowed or Denied

    Use this parameter to specify resource operations. The set of resource operations object store server supports are GetObject, PutObject, DeleteObject, ListBucket, GetBucketAcl, GetObjectAcl, ListBucketMultipartUploads, ListMultipartUploadParts, GetObjectTagging, PutObjectTagging, DeleteObjectTagging, GetBucketLocation, PutBucketPolicy, GetBucketPolicy, DeleteBucketPolicy, GetBucketVersioning, PutBucketVersioning and ListBucketVersions.

    [-principal <Objectstore Principal>,…​] - List of Users to Be Allowed or Denied Access

    Validate the user requesting access against the object store server users or groups specified in this parameter. To gain access, the user in the context should either match one of the users or belong to one of the groups specified in this principle parameter. An object store server group is specified by adding a prefix "group/" to the group name.

    [-resource <text>,…​] - Bucket or Objects to Be Allowed or Denied Access

    Use this parameter to specify the bucket, folder, or object for which allow/deny permissions are set.

    [-sid <SID>] - Statement Identifier

    This optional parameter specifies a text comment for the object store server bucket policy statement.

    Examples

    The following example modifies an object store server bucket policy statement for Vserver vs1 and bucket1 which specifies allowed access to a readme folder for object store server user user1.

    cluster1::> vserver object-store-server bucket policy statement modify -vserver vs1 -bucket bucket1 -index 1 -effect allow -action GetObject,PutObject,DeleteObject,ListBucket -principal user1 -resource bucket1/readme/* -sid "fullAccessToReadmeForUser1"
    Top of Page