Hi Reid,
You're right, the way I use this with S3 is by using a custom policy where
only get and put are allowed:
{
  "Statement": [
    {
      "Sid": "Stmt1356692141310",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:GetBucketAcl",
        "s3:GetBucketLocation",
        "s3:GetBucketLogging",
        "s3:GetBucketNotification",
        "s3:GetBucketPolicy",
        "s3:GetBucketRequestPayment",
        "s3:GetBucketVersioning",
        "s3:GetBucketWebsite",
        "s3:GetLifecycleConfiguration",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectTorrent",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionTorrent",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions",
        "s3:ListMultipartUploadParts",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
On Fri, Mar 28, 2014 at 12:48 AM, Reid Draper <[email protected]> wrote:
> Hi Jochen,
>
> I'm not aware of any ACL in S3 that supports this. The WRITE ACL will
> grant 'create, overwrite and delete' of objects [1]
>
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/ACLOverview.html
>
> Reid
>
> On Mar 25, 2014, at 7:13 AM, Jochen Delabie <[email protected]>
> wrote:
>
> Hi,
>
> Is it possible to assign an ACL to a bucket where a client can
> write/upload an object but not delete an object?
>
> So basically a WRITE permission without the possibility to delete.
>
> Thanks,
> Jochen Delabie
> _______________________________________________
> riak-users mailing list
> [email protected]
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>
>
>
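Added example (not part of the original thread, and not Riak CS or AWS code): a small Python check that the policy posted above grants no delete action. The evaluator is a simplification that assumes only Effect/Action/Resource matter (it ignores Condition, NotAction, NotResource and Principal); the wildcard policy and the object ARN used with it are constructed for contrast.

```python
import re

# Action names copied from the policy in the message above.
PAGE_ACTIONS = """
AbortMultipartUpload GetBucketAcl GetBucketLocation GetBucketLogging
GetBucketNotification GetBucketPolicy GetBucketRequestPayment
GetBucketVersioning GetBucketWebsite GetLifecycleConfiguration GetObject
GetObjectAcl GetObjectTorrent GetObjectVersion GetObjectVersionAcl
GetObjectVersionTorrent ListBucket ListBucketMultipartUploads
ListBucketVersions ListMultipartUploadParts PutObject PutObjectAcl
PutObjectVersionAcl
""".split()
PAGE_POLICY = {"Statement": [{"Effect": "Allow",
                              "Action": ["s3:" + a for a in PAGE_ACTIONS],
                              "Resource": ["arn:aws:s3:::*"]}]}
# Constructed contrast: a broad grant that silently includes deletes.
WILDCARD_POLICY = {"Statement": [{"Effect": "Allow", "Action": "s3:*",
                                  "Resource": "arn:aws:s3:::*"}]}
DESTRUCTIVE = ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket"]

def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, ignore_case=False):
    # Policy wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """Default deny; an explicit Deny beats any Allow (simplified model)."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names compare case-insensitively, resource ARNs do not.
        if not any(_glob(p, action, True) for p in _as_list(stmt["Action"])):
            continue
        if not any(_glob(p, resource) for p in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def destructive_grants(policy, resource):
    # Which delete actions would this policy let the client perform?
    return [a for a in DESTRUCTIVE if is_allowed(policy, a, resource)]

if __name__ == "__main__":
    obj = "arn:aws:s3:::uploads/report.pdf"  # constructed object ARN
    print("page policy:", destructive_grants(PAGE_POLICY, obj))
    print("wildcard policy:", destructive_grants(WILDCARD_POLICY, obj))
```

Note that s3:PutObject still lets the client overwrite an existing key, so the policy blocks deletes but not replacement of an object's contents.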