Skip to main content
A newer release of this product is available.

Retrieve S3 policies in SVM configuration

Contributors
PDFs

GET /protocols/s3/services/{svm.uuid}/policies

Introduced In: 9.8

Retrieves the S3 policies SVM configuration.

  • vserver object-store-server policy show

Learn more

Parameters

Name Type In Required Description

name

string

query

False

Filter by name

statements.index

integer

query

False

Filter by statements.index

statements.actions

string

query

False

Filter by statements.actions

statements.sid

string

query

False

Filter by statements.sid

statements.resources

string

query

False

Filter by statements.resources

statements.effect

string

query

False

Filter by statements.effect

svm.uuid

string

query

False

Filter by svm.uuid

svm.name

string

query

False

Filter by svm.name

read-only

boolean

query

False

Filter by read-only

comment

string

query

False

Filter by comment

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

collection_links

num_records

integer

Number of records

records

array[s3_policy]
Example response 
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": {
    "comment": "S3 policy.",
    "name": "Policy1",
    "statements": {
      "actions": [
        "*"
      ],
      "effect": "allow",
      "index": 0,
      "resources": [
        "bucket1",
        "bucket1/*"
      ],
      "sid": "FullAccessToBucket1"
    },
    "svm": {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "name": "svm1",
      "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
    }
  }
}

Error

Status: Default, Error
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": {
      "code": "string",
      "message": "string"
    },
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string
Name Type Description

next

href

self

href

s3_policy_statement

Specifies information about a single access policy statement.

Name Type Description

actions

array[string]

For each resource, S3 supports a set of operations. The resource operations allowed or denied are identified by an action list:

  • GetObject - retrieves objects from a bucket.

  • PutObject - puts objects in a bucket.

  • DeleteObject - deletes objects from a bucket.

  • ListBucket - lists the objects in a bucket.

  • GetBucketAcl - retrieves the access control list (ACL) of a bucket.

  • GetObjectAcl - retrieves the access control list (ACL) of an object.

  • ListAllMyBuckets - lists all of the buckets in a server.

  • ListBucketMultipartUploads - lists the multipart uploads in progress for a bucket.

  • ListMultipartUploadParts - lists the parts in a multipart upload.

  • GetObjectTagging - retrieves the tag set of an object.

  • PutObjecttagging - sets the tag set for an object.

  • DeleteObjectTagging - deletes the tag set of an object. The wildcard character "*" can be used to form a regular expression for specifying actions.

effect

string

Specifies whether access is allowed or denied. If access (to allow) is not granted explicitly to a resource, access is implicitly denied. Access can also be denied explicitly to a resource, in order to make sure that a user cannot access it, even if a different policy grants access.

index

integer

Specifies a unique statement index used to identify a particular statement. This parameter should not be specified in the POST method. A statement index is automatically generated and is retrieved using the GET method.

resources

array[string]

sid

string

Specifies the statement identifier which contains additional information about the statement.

_links

Name Type Description

self

href

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

s3_policy

An S3 policy is an object. It defines resource (bucket, folder or object) permissions. These policies get evaluated when an object store user user makes a request. Permissions in the policies determine whether the request is allowed or denied.

Name Type Description

comment

string

Can contain any additional information about the S3 policy.

name

string

Specifies the name of the policy. A policy name length can range from 1 to 128 characters and can only contain the following combination of characters 0-9, A-Z, a-z, "_", "+", "=", ",", ".","@", and "-".

read-only

boolean

Specifies whether or not the s3 policy is read only. This parameter should not be specified in the POST method.

statements

array[s3_policy_statement]

Specifies the policy statements.

svm

svm

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.