Specifying resources in a policy

In policy statements, you can use the Resource element to specify the bucket or object for which permissions are allowed/denied.

  • Each policy statement requires a Resource element. In a policy, resources are denoted by the element Resource, or alternatively, NotResource for exclusion.
  • You specify resources with an S3 resource URN. For example:
    "Resource": "urn:sgws:s3:::mybucket/*"
  • You can also use policy variables inside the object key. For example:
    "Resource": "urn:sgws:s3:::mybucket/home/${sgws:username}/*"

  • The resource value can specify a bucket that does not yet exist when a group policy is created.

Parent topic: Bucket and group access policies
Related concepts
Specifying variables in a policy
Copyright © 1994-2019, NetApp, Inc. All rights reserved.
Part number: 215-12798_2019-08_en-us
August 2019