sqs-dg-2009-02-01

More documents

Recommendations

Info

Amazon Simple Queue Service Developer GuideEvaluation LogicIf someone sends a request from Antarctica, the condition is met, and the policy's result is therefore anexplicit deny.The distinction between a default deny and an explicit deny is important because a default deny can beoverridden by an allow, but an explicit deny can't. For example, let's say there's another policy that allowsrequests if they arrive on June 1, 2010. How does this policy affect the overall outcome when coupledwith the policy restricting access from Antarctica? We'll compare the overall outcome when coupling thedate-based policy (we'll call Policy B) with the preceding policies A1 and A2. Scenario 1 couples PolicyA1 with Policy B, and Scenario 2 couples Policy A2 with Policy B. The following figure and discussionshow the results when a request comes in from Antarctica on June 1, 2010.API Version 2009-02-0141
Amazon Simple Queue Service Developer GuideBasic Use Cases for Access ControlIn Scenario 1, Policy A1 returns a default deny, as described earlier in this section. Policy B returns anallow because the policy (by definition) allows requests that come in on June 1, 2010. The allow fromPolicy B overrides the default deny from Policy A1, and the request is therefore allowed.In Scenario 2, Policy B2 returns an explicit deny, as described earlier in this section. Again, Policy Breturns an allow. The explicit deny from Policy A2 overrides the allow from Policy B, and the request istherefore denied.Basic Use Cases for Access ControlThis section gives a few examples of typical use cases for access control.API Version 2009-02-0142
Page 1 and 2: Amazon Simple Queue ServiceDevelope
Page 3 and 4: Amazon Simple Queue Service Develop
Page 43: Amazon Simple Queue Service Develop

sqs-dg-2009-02-01

Create successful ePaper yourself

Delete template?

Save as template?