Permissions control access to buckets and define which actions the service accounts can perform on a bucket.
Bucket permission and policy permission are the two options available for granting permission to your buckets.
You can create a bucket permission before any buckets exist in the account only if the permission applies to all buckets in the account or to all buckets with a prefix.
Apply permission types using the type parameter.
Apply actions using the action parameter.
In the example below, the policy permission has three statements:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "statement1",
      "Action": [ "s3:ListBucket" ],
      "Effect": "Allow",
      "Resource": [ "arn:aws:s3:::mybucket" ],
      "Condition": {
        "StringLike": {
          "s3:prefix": [ "David/*" ]
        }
      }
    },
    {
      "Sid": "statement2",
      "Action": [ "s3:GetObject", "s3:PutObject" ],
      "Effect": "Allow",
      "Resource": [ "arn:aws:s3:::mybucket/David/*" ]
    },
    {
      "Sid": "statement3",
      "Action": [ "s3:DeleteObject" ],
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::mybucket/David/*",
        "arn:aws:s3:::mycorporatebucket/share/marketing/*"
      ]
    }
  ]
}
```
The following example illustrates creating a policy permission file using the Account API.

```json
{
  "name": "permission_name",
  "description": "Test data",
  "type": "policy",
  "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"statement15feb1\",\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"arn:aws:s3:::*/*\"]}]}"
}
```
The POST request creates controlled access to the buckets and defines actions the service account can perform on the specified buckets in the account.
POST /permissions

```json
{
  "name": "string",
  "description": "string",
  "type": "all-buckets",
  "actions": "all-operations",
  "prefix": "string",
  "buckets": [ "string" ],
  "policy": {}
}
```
Name | In | Type | Required | Description |
---|---|---|---|---|
name | body | string | true | Name of the permission. The name allows only alphanumeric, '-', '_' or spaces. Maximum length is 128 characters. |
description | body | string | true | Description of the permission. Maximum length is 1000 characters. |
type | body | string | true | The values for the permission type can be: |
actions | body | string | false | The values for the actions can be: |
prefix | body | string | false | Prefix of your bucket names to assign and apply the permission based on the permission type bucket-prefix. |
buckets | body | [string] | false | Specify one or more bucket names based on permission type bucket-names. |
policy | body | object | false | The policy file is based on permission type policy. |
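
A pre-submit check for a policy permission, as an added example that is not part of the original page or of Lyve Cloud's own code: it enforces the `name` and `description` limits from the table above, packs the policy as an escaped JSON string the way the policy permission example does, and reports `Allow` statements that use a wildcard action or bucket. The function names and the lint rules are assumptions made for this example, not something the API is stated to enforce.

```python
import json
import re

# From the parameter table: name allows alphanumerics, '-', '_' or spaces, max 128
# characters (ASCII is assumed here); description is at most 1000 characters.
NAME_RE = re.compile(r"[A-Za-z0-9_\- ]{1,128}")
MAX_DESCRIPTION = 1000


def _as_list(value):
    """Action/Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def lint_policy(policy):
    """Return findings for Allow statements with wildcard actions or buckets."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action")):
            if action in ("*", "s3:*"):
                findings.append(f"{sid}: Allow on wildcard action {action}")
        for resource in _as_list(stmt.get("Resource")):
            bucket = resource.split(":::", 1)[-1].split("/", 1)[0]
            if "*" in bucket:
                findings.append(f"{sid}: Allow on wildcard bucket in {resource}")
    return findings


def build_policy_permission(name, description, policy):
    """Validate inputs; return (request_body, findings) for POST /permissions."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name: alphanumerics, '-', '_' or spaces only, max 128")
    if not description or len(description) > MAX_DESCRIPTION:
        raise ValueError("description: required, max 1000 characters")
    # The page's example carries the policy as an escaped JSON string.
    body = {"name": name, "description": description, "type": "policy",
            "policy": json.dumps(policy, separators=(",", ":"))}
    return body, lint_policy(policy)


if __name__ == "__main__":
    broad = {"Version": "2012-10-17", "Statement": [{"Sid": "statement15feb1",
             "Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::*/*"]}]}
    print(build_policy_permission("permission_name", "Test data", broad))
```

Run against the page's two policies, the `s3:*` on `arn:aws:s3:::*/*` example produces two findings, while the three-statement policy scoped to `mybucket/David/*` produces none.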
```go
package main

import (
	"bytes"
	"io"
	"log"
	"net/http"
)

func main() {
	headers := map[string][]string{
		"Content-Type":  {"application/json"},
		"Accept":        {"application/json"},
		"Authorization": {"Bearer {access-token}"},
	}

	jsonReq := `{"key":"value"}` // replace with your JSON request
	data := bytes.NewBuffer([]byte(jsonReq))

	// Creating a permission is a POST to /permissions.
	req, err := http.NewRequest("POST", "https://api.lyvecloud.seagate.com/v2/permissions/", data)
	if err != nil {
		log.Fatal(err)
	}
	req.Header = headers

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	// Print the status and the JSON payload returned by the API.
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("%s: %s", resp.Status, body)
}
```
```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;

public class Main {
    public static void main(String[] args) {
        try {
            URL obj = new URL("https://api.lyvecloud.seagate.com/v2/permissions/");
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            // Creating a permission is a POST to /permissions
            con.setRequestMethod("POST");
            con.setRequestProperty("Content-Type", "application/json");
            con.setRequestProperty("Accept", "application/json");
            con.setRequestProperty("Authorization", "Bearer {access-token}");

            // The request carries a JSON body, so enable output on the connection
            con.setDoOutput(true);
            String jsonInputString = "{\"key\": \"value\"}"; // replace with your actual JSON data
            try (OutputStream os = con.getOutputStream()) {
                byte[] input = jsonInputString.getBytes("utf-8");
                os.write(input, 0, input.length);
            }

            int responseCode = con.getResponseCode();
            System.out.println("HTTP " + responseCode);

            // Read the JSON payload returned by the API
            StringBuilder response = new StringBuilder();
            try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()))) {
                String inputLine;
                while ((inputLine = in.readLine()) != null) {
                    response.append(inputLine);
                }
            }
            System.out.println(response.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
```javascript
// Request body; replace the placeholder values with your permission details
const inputBody = `{
  "name": "string",
  "description": "string",
  "type": "all-buckets",
  "actions": "all-operations",
  "prefix": "string",
  "buckets": ["string"],
  "policy": {}
}`;
const headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
};

// Creating a permission is a POST to /permissions
fetch('https://api.lyvecloud.seagate.com/v2/permissions/', {
  method: 'POST',
  body: inputBody,
  headers: headers
})
  .then(function(res) { return res.json(); })
  .then(function(body) { console.log(body); });
```
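```python
import requests

headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'Authorization': 'Bearer {access-token}'
}
# Request body; replace the placeholder values with your permission details
data = {
    'name': 'string', 'description': 'string',
    'type': 'all-buckets', 'actions': 'all-operations'
}

# Creating a permission is a POST to /permissions
r = requests.post('https://api.lyvecloud.seagate.com/v2/permissions/', headers=headers, json=data)
print(r.json())
```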
```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}
# Request body; replace the placeholder values with your permission details
data = {
  "name" => "string",
  "description" => "string",
  "type" => "all-buckets",
  "actions" => "all-operations",
  "prefix" => "string",
  "buckets" => ["string"],
  "policy" => {}
}

# Creating a permission is a POST to /permissions; the third argument is the headers hash
result = RestClient.post 'https://api.lyvecloud.seagate.com/v2/permissions/', data.to_json, headers
p JSON.parse(result)
```
Status Code | Description | Return JSON Payload |
---|---|---|
200 | OK. The request to create permission was successfully submitted. Note: There might be a few seconds difference between the time the successful response is received and when the action is completed, as some regions may still process the create permission request. | { "id": "string" } |
400 | Bad Request. The request is invalid and has invalid permission information. | { "code": "string", "message": "string" } |
403 | Forbidden. The account has no services enabled. | { "code": "string", "message": "string" } |
409 | The permission name already exists. | { "code": "string", "message": "string" } |
500 | The server encountered an internal error. | { "code": "string", "message": "string" } |
503 | Service Unavailable | { "code": "string", "message": "string" } |