ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver object-store-server policy statement create

    Create a Policy Statement

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver object-store-server policy statement create command creates a policy statement for the object store server policy.

    Parameters

    -vserver <Vserver Name> - Vserver Name

    This parameter specifies the name of the Vserver on which the policy statement needs to be created for the object store server policy.

    -policy <TextNoCase> - Policy Name

    This parameter specifies the name of the object store server policy for which the policy statement needs to be created. The object store policy must already exist.

    -index <integer> - Statement Index

    This parameter specifies the unique index used to identify the particular object store server policy statement.

    -effect {deny|allow} - Allow or Deny Access

    Use this parameter to specify whether or not access is allowed or denied when a user requests a specific action.

    -actions <Action>,…​ - Policy Actions

    Use this parameter to specify resource operations. The set of resource operations that the object store server supports are GetObject, PutObject, DeleteObject, ListBucket, GetBucketAcl, GetObjectAcl, ListAllMyBuckets, ListBucketMultipartUploads, ListMultipartUploadParts,GetObjectTagging, PutObjectTagging, DeleteObjectTagging, CreateBucket, DeleteBucket, GetBucketLocation, GetBucketVersioning, PutBucketVersioning and ListBucketVersions. Wildcards are accepted for this parameter. If all operations needs to be specified, then use the wildcard character * to specify it. The default actions are GetObject, PutObject, DeleteObject, ListBucket, GetBucketAcl, GetObjectAcl, ListBucketMultipartUploads, ListMultipartUploadParts, GetObjectTagging, PutObjectTagging, DeleteObjectTagging, GetBucketLocation, PutBucketPolicy, GetBucketPolicy, DeleteBucketPolicy, GetBucketVersioning, PutBucketVersioning and ListBucketVersions.

    -resource <text>,…​ - Buckets or Objects

    Use this parameter to specify the bucket, folder, or object for which allow/deny permissions are set.

    [-sid <SID>] - Statement Identifier

    This optional parameter specifies a text comment for the object store server policy statement. This parameter name sid referred as statement identifier.

    Examples

    The following example creates an object store server policy statement for Vserver vs1 and Policy_1 which specifies allowed access to bucket1 resources.

    cluster1::> vserver object-store-server policy statement create -vserver vs1 -policy Policy_1 -effect allow  -actions GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListAllMyBuckets,GetBucketLocation -resource bucket1/* -sid "FullAccesToBucket1"
    Top of Page