ONTAP 9.14.1 commands

vserver object-store-server policy statement modify

Modify a Policy Statement

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver object-store-server policy statement modify command modifies a policy statement.

Parameters

-vserver <Vserver Name> - Vserver Name

This parameter specifies the name of the Vserver for the object store server policy for which the policy statement needs to be modified.

-policy <TextNoCase> - Policy Name

This parameter specifies the name of the object store server policy for the policy statement that needs to be modified.

-index <integer> - Statement Index

This parameter specifies the index of the object store server policy statement.

[-effect {deny|allow}] - Allow or Deny Access

Use this parameter to specify whether or not access is allowed or denied when a user requests a specific action.

[-actions <Action>,…​] - Policy Actions

Use this parameter to specify resource operations. The set of resource operations that the object store server supports are GetObject, PutObject, DeleteObject, ListBucket, GetBucketAcl, GetObjectAcl, ListAllMyBuckets, ListBucketMultipartUploads, ListMultipartUploadParts, GetObjectTagging, PutObjectTagging, DeleteObjectTagging, CreateBucket, DeleteBucket, GetBucketLocation, PutBucketPolicy, GetBucketPolicy, DeleteBucketPolicy, GetBucketVersioning and PutBucketVersioning.

[-resource <text>,…​] - Buckets or Objects

Use this parameter to specify the bucket, folder, or object for which allow or deny permissions are set. The user name policy variables '${aws:username}' can be specified here, serving as placeholders that are dynamically replaced with the actual user name during run time based on the request context.

[-sid <SID>] - Statement Identifier

This optional parameter specifies a text comment for the object store server policy statement.

Examples

The following example modifies an object store server policy statement for storage virtual machine (SVM) vs1 and Policy_1 which specifies allowed access to bucket1 resources.

cluster1::> vserver object-store-server policy statement modify -vserver vs1 -policy Policy_1 -index 5 -effect allow -actions GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListAllMyBuckets,GetBucketLocation -resource bucket1/* -sid FullAccesToBucket1Resources

The following example modifies an object store server policy statement for storage virtual machine (SVM) vs1 and Policy_1 which specifies allowed access to the corresponding user home directory by specifying the user name policy variable in the resource field.

cluster1::> vserver object-store-server policy statement modify -vserver vs1 -policy Policy_1 -index 5 -effect allow -actions * -resource bucket1,bucket1/${aws:username}/* -sid "fullAccessToUsersHomeDirectory"
Top of Page