Customer-created objects in cloud storage buckets are stored in a flat namespace and lack the hierarchy found in folders of a traditional file system. While grouped permissions are straightforward in a file system, such permissions are relatively difficult to implement in storage systems with flat namespaces, where policies can be applied at no finer a granularity than the level of the bucket. This disclosure describes a mechanism for applying a policy to a group of objects in a storage bucket based on the prefix of the objects. Customers can identify a prefix of the object path that ends in a slash (/) and apply policies based on that prefix. The described techniques enable the application of policies to objects at a level of granularity that is finer than that of the storage bucket. A customer of cloud-based storage can purchase fewer storage buckets to organize a greater number and diversity of objects, thereby reducing cost and complexity and improving scalability.
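
The following Python example is added here and is not part of the original disclosure; it shows how a policy attached to a slash-terminated prefix can be resolved for an object name in a flat namespace. The class and function names, the policy shape (principal mapped to allowed actions), the longest-prefix-wins rule and the fallback to the bucket-level policy are all assumptions made for illustration.

```python
class PrefixPolicyStore:
    """Policies keyed by slash-terminated object-name prefix (hypothetical model)."""

    def __init__(self, bucket_policy):
        self.bucket_policy = bucket_policy   # applies when no prefix matches
        self._by_prefix = {}

    def set_policy(self, prefix, policy):
        # Requiring the trailing "/" keeps "finance/" from also covering
        # sibling names such as "finance-public/report.txt".
        if not prefix.endswith("/") or prefix.startswith("/") or "//" in prefix:
            raise ValueError(f"prefix must look like 'dir/' or 'dir/sub/': {prefix!r}")
        self._by_prefix[prefix] = policy

    def resolve(self, object_name):
        """Return (matched_prefix, policy); longest matching prefix wins (assumption)."""
        end = len(object_name)
        while True:
            # Step back one "/" boundary at a time, most specific first.
            end = object_name.rfind("/", 0, end)
            if end == -1:
                return "", self.bucket_policy
            prefix = object_name[: end + 1]
            if prefix in self._by_prefix:
                return prefix, self._by_prefix[prefix]


def is_allowed(store, principal, action, object_name):
    """Check one request against the policy that governs the object."""
    _, policy = store.resolve(object_name)
    return action in policy.get(principal, set())


def build_sample_store():
    # Constructed sample data: principals and object names are made up.
    store = PrefixPolicyStore({"admin@example.com": {"read", "write"}})
    store.set_policy("finance/", {"alice@example.com": {"read"}})
    store.set_policy("finance/payroll/", {"hr@example.com": {"read", "write"}})
    return store


if __name__ == "__main__":
    s = build_sample_store()
    for name in ("finance/2024/q1.csv", "finance/payroll/jan.csv",
                 "finance-public/readme.txt"):
        print(name, "->", s.resolve(name)[0] or "<bucket>")
```

In this model the most specific prefix policy replaces, rather than merges with, any broader one, so a grant on `finance/` does not carry into `finance/payroll/`.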

This work is licensed under a Creative Commons Attribution 4.0 License.