Merge pull request #8156 from ovh/AG-iam-list

Jessica41 · web-flow · commit 0cb9fb905aaa · 2025-07-14T11:20:19.000-04:00
AG - s3:ListAllMyBuckets - user policies
diff --git a/pages/storage_and_backup/object_storage/s3_identity_and_access_management/guide.en-gb.md b/pages/storage_and_backup/object_storage/s3_identity_and_access_management/guide.en-gb.md
@@ -1,7 +1,7 @@
 ---
 title: Object Storage - Identity and access management
 excerpt: The purpose of this guide is to show you how to manage your identities and access your Object Storage resources
-updated: 2025-03-21
+updated: 2025-07-11
 ---
 
 ## Objective
@@ -120,6 +120,24 @@ Some examples of JSON configuration files:
 }
 ```
 
+**Deny listing of all buckets owned by the parent account**
+
+> [!primary]
+>
+> The (`s3:ListAllMyBuckets`) action is allowed by default for a given user. Add the `deny`{.action} effect if you want to explictly refuse the use of the `ListBuckets`{.action} API operation.
+>  
+
+```json
+{
+  "Statement":[{
+    "Sid": "DenyListBucket",
+    "Effect": "Deny",
+    "Action":["s3:ListAllMyBuckets"],
+    "Resource":["*"]
+  }]
+}
+```
+
 **Allow all operations on all project resources**
 
 ```json
@@ -176,6 +194,7 @@ Some examples of JSON configuration files:
 | s3:GetObjectRetention | Object |
 | s3:GetObjectTagging | Object |
 | s3:GetReplicationConfiguration | Bucket |
+| s3:ListAllMyBuckets | Bucket |
 | s3:ListBucket | Bucket |
 | s3:ListBucketMultipartUploads | Bucket |
 | s3:ListMultipartUploadParts | Object |
diff --git a/pages/storage_and_backup/object_storage/s3_identity_and_access_management/guide.fr-fr.md b/pages/storage_and_backup/object_storage/s3_identity_and_access_management/guide.fr-fr.md
@@ -1,7 +1,7 @@
 ---
 title: Object Storage - Gestion des identités et des accès
 excerpt: Ce guide a pour objectif de vous montrer la gestion de vos identités et accès à vos ressources Object Storage
-updated: 2025-03-21
+updated: 2025-07-11
 ---
 
 ## Objectif
@@ -120,6 +120,24 @@ Quelques exemples de fichiers de configuration JSON :
 }
 ```
 
+**Refuser l'affichage de tous les buckets appartenant au compte.**
+
+> [!primary]
+>
+> L'action (`s3:ListAllMyBuckets`) est autorisée par défaut pour un utilisateur donné. Ajouter explicitement un `deny`{.action} si vous souhaitez refuser l'utilisation de l'opération d'API `ListBuckets`{.action}.
+>  
+
+```json
+{
+  "Statement":[{
+    "Sid": "DenyListBucket",
+    "Effect": "Deny",
+    "Action":["s3:ListAllMyBuckets"],
+    "Resource":["*"]
+  }]
+}
+```
+
 **Autoriser toutes les opérations sur toutes les ressources d'un projet**
 
 ```json
@@ -176,6 +194,7 @@ Quelques exemples de fichiers de configuration JSON :
 | s3:GetObjectRetention | Object |
 | s3:GetObjectTagging | Object |
 | s3:GetReplicationConfiguration | Bucket |
+| s3:ListAllMyBuckets | Bucket |
 | s3:ListBucket | Bucket |
 | s3:ListBucketMultipartUploads | Bucket |
 | s3:ListMultipartUploadParts | Object |
