Re: Riak CS: write ACL without delete permission

Fri, 28 Mar 2014 10:00:40 -0700 

For those following along at home too, ACLs and bucket policies are distinct 
access controls in S3. Riak CS has only limited support for bucket policies at 
the moment.

Reid

On Mar 28, 2014, at 5:04 AM, Jochen Delabie <[email protected]> wrote:

> Hi Reid,
> 
> You're right, the way I use this with S3 is by using a custom policy where 
> get and put only is allowed:
> 
> {
>   "Statement": [
>     {
>       "Sid": "Stmt1356692141310",
>       "Action": [
>         "s3:AbortMultipartUpload",
>         "s3:GetBucketAcl",
>         "s3:GetBucketLocation",
>         "s3:GetBucketLogging",
>         "s3:GetBucketNotification",
>         "s3:GetBucketPolicy",
>         "s3:GetBucketRequestPayment",
>         "s3:GetBucketVersioning",
>         "s3:GetBucketWebsite",
>         "s3:GetLifecycleConfiguration",
>         "s3:GetObject",
>         "s3:GetObjectAcl",
>         "s3:GetObjectTorrent",
>         "s3:GetObjectVersion",
>         "s3:GetObjectVersionAcl",
>         "s3:GetObjectVersionTorrent",
>         "s3:ListBucket",
>         "s3:ListBucketMultipartUploads",
>         "s3:ListBucketVersions",
>         "s3:ListMultipartUploadParts",
>         "s3:PutObject",
>         "s3:PutObjectAcl",
>         "s3:PutObjectVersionAcl"
>       ],
>       "Effect": "Allow",
>       "Resource": [
>         "arn:aws:s3:::*"
>       ]
>     }
>   ]
> }
> 
> 
> On Fri, Mar 28, 2014 at 12:48 AM, Reid Draper <[email protected]> wrote:
> Hi Jochen,
> 
> I'm not aware of any ACL in S3 that supports this. The WRITE ACL will grant 
> 'create, overwrite and delete' of objects [1]
> 
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/ACLOverview.html
> 
> Reid
> 
> On Mar 25, 2014, at 7:13 AM, Jochen Delabie <[email protected]> wrote:
> 
>> Hi,
>> 
>> Is it possible to assign an ACL to a bucket where a client can write/upload 
>> an object but not delete an object?
>> 
>> So basically a WRITE permission without the possibility to delete.
>> 
>> Thanks,
>> Jochen Delabie
>> _______________________________________________
>> riak-users mailing list
>> [email protected]
>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
> 
> 


_______________________________________________
riak-users mailing list
[email protected]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com

Reply via email to