Skip to main content
REST API reference

Update an S3 policy configuration

PDFs

PATCH /protocols/s3/services/{svm.uuid}/policies/{name}

Introduced In: 9.8

Updates the S3 policy configuration of an SVM.

Important notes

  • The following fields can be modified for a policy:

    • comment - Any information related to the policy.

    • statements - Specifies the array of policy statements.

  • vserver object-store-server policy modify

  • vserver object-store-server policy modify-statement

Learn more

Parameters

Name Type In Required Description

name

string

path

True

Policy name

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

comment

string

Can contain any additional information about the S3 policy.

read-only

boolean

Specifies whether or not the s3 policy is read only. This parameter should not be specified in the POST method.

statements

array[s3_policy_statement]

Specifies the policy statements.

svm

svm

SVM, applies only to SVM-scoped objects.
Example request 
{
  "comment": "S3 policy.",
  "statements": [
    {
      "actions": [
        "*"
      ],
      "effect": "allow",
      "index": 0,
      "resources": [
        "bucket1",
        "bucket1/*"
      ],
      "sid": "FullAccessToBucket1"
    }
  ],
  "svm": {
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 200, Ok

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

92405906

The specified action name is invalid.

92405963

Failed to create s3 policy statements "{policy name}". Reason: "{reason of failure}". Resolve all issues and retry the operation.

92405953

Object store server read-only policies do not support create, modify, delete, add-statement, remove-statement and modify-statement operations.

92406075

Failed to modify policy statement for policy "{policy name}". Reason: "{reason of failure}". Valid ways to specify a resource are "__", "{bucket-name}", "{bucket-name}/…​/…​".".

Definitions

See Definitions

s3_policy_statement

Specifies information about a single access policy statement.

Name Type Description

actions

array[string]

For each resource, S3 supports a set of operations. The resource operations allowed or denied are identified by an action list:

  • GetObject - retrieves objects from a bucket.

  • PutObject - puts objects in a bucket.

  • DeleteObject - deletes objects from a bucket.

  • ListBucket - lists the objects in a bucket.

  • GetBucketAcl - retrieves the access control list (ACL) of a bucket.

  • GetObjectAcl - retrieves the access control list (ACL) of an object.

  • ListAllMyBuckets - lists all of the buckets in a server.

  • ListBucketMultipartUploads - lists the multipart uploads in progress for a bucket.

  • ListMultipartUploadParts - lists the parts in a multipart upload.

  • CreateBucket - creates a new bucket.

  • DeleteBucket - deletes an existing bucket.

  • GetObjectTagging - retrieves the tag set of an object.

  • PutObjecttagging - sets the tag set for an object.

  • DeleteObjectTagging - deletes the tag set of an object.

  • GetBucketLocation - retrieves the location of a bucket.

  • GetBucketVersioning - retrieves the versioning configuration of a bucket.

  • PutBucketVersioning - modifies the versioning configuration of a bucket.

  • ListBucketVersions - lists the object versions in a bucket.

  • PutBucketPolicy - puts bucket policy on the bucket specified.

  • GetBucketPolicy - retrieves the bucket policy of a bucket.

  • DeleteBucketPolicy - deletes the policy created for a bucket. The wildcard character "*" can be used to form a regular expression for specifying actions.

effect

string

Specifies whether access is allowed or denied. If access (to allow) is not granted explicitly to a resource, access is implicitly denied. Access can also be denied explicitly to a resource, in order to make sure that a user cannot access it, even if a different policy grants access.

index

integer

Specifies a unique statement index used to identify a particular statement. This parameter should not be specified in the POST method. A statement index is automatically generated. It is not retrieved in the GET method.

resources

array[string]

sid

string

Specifies the statement identifier which contains additional information about the statement.

href

Name Type Description

href

string

_links

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

s3_policy

An S3 policy is an object. It defines resource (bucket, folder or object) permissions. These policies get evaluated when an object store user user makes a request. Permissions in the policies determine whether the request is allowed or denied.

Name Type Description

comment

string

Can contain any additional information about the S3 policy.

read-only

boolean

Specifies whether or not the s3 policy is read only. This parameter should not be specified in the POST method.

statements

array[s3_policy_statement]

Specifies the policy statements.

svm

svm

SVM, applies only to SVM-scoped objects.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.