---
title: Object Storage buckets should not be publicly accessible
description: Datadog, the leading service for cloud-scale monitoring.
---

# Object Storage buckets should not be publicly accessible
 
## Description{% #description %}

To prevent unauthorized access to sensitive data, Oracle Cloud Infrastructure (OCI) Object Storage buckets should not be configured with public read access. By default, OCI Object Storage buckets are created with private access, but users with sufficient permissions can enable public access at the bucket level. Public access can lead to accidental data exposure, data breaches, and compliance violations.

This rule checks the `public_access_type` configuration of OCI buckets and fails when buckets are configured with:

- `ObjectRead` - Allows public read access to all objects in the bucket
- `ObjectReadWithoutList` - Allows public read access to objects when the exact object name is known
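
The following sketch mirrors this check over a set of bucket records. It is an added example, not Datadog's rule implementation. The sample records, the `review` status for undocumented values, and the helper names are assumptions made for illustration, and the suggested fix uses the OCI CLI `oci os bucket update` command.

```python
import json
import shlex

PUBLIC_TYPES = {"ObjectRead", "ObjectReadWithoutList"}  # values the rule fails on
PRIVATE_TYPE = "NoPublicAccess"

# Constructed sample records; the namespace and bucket names are made up.
SAMPLE_BUCKETS = json.loads("""
[
  {"namespace": "examplens", "name": "app-logs", "public_access_type": "NoPublicAccess"},
  {"namespace": "examplens", "name": "static-site", "public_access_type": "ObjectRead"},
  {"namespace": "examplens", "name": "partner-drop", "public_access_type": "ObjectReadWithoutList"},
  {"namespace": "examplens", "name": "legacy", "public_access_type": null},
  {"namespace": "examplens", "name": "scratch"},
  {"namespace": "examplens", "name": "odd", "public_access_type": "objectread"}
]
""")

def evaluate_bucket(bucket):
    """Return (status, reason) for one bucket record."""
    value = bucket.get("public_access_type")
    if value is None or value == PRIVATE_TYPE:
        # Unset is treated as private, matching the documented default.
        return "pass", "private (NoPublicAccess or not configured)"
    if value in PUBLIC_TYPES:
        return "fail", f"public read access enabled: {value}"
    # Assumption of this example: an undocumented value is surfaced, not passed.
    return "review", f"unrecognised public_access_type: {value!r}"

def remediation_command(bucket):
    """Build the OCI CLI command that sets the bucket back to private."""
    return " ".join([
        "oci os bucket update",
        "--namespace-name", shlex.quote(bucket["namespace"]),
        "--bucket-name", shlex.quote(bucket["name"]),
        "--public-access-type", PRIVATE_TYPE,
    ])

def evaluate(buckets):
    """Return one finding per bucket that does not pass."""
    findings = []
    for b in buckets:
        status, reason = evaluate_bucket(b)
        if status != "pass":
            findings.append({"bucket": f'{b["namespace"]}/{b["name"]}', "status": status,
                             "reason": reason, "fix": remediation_command(b)})
    return findings

if __name__ == "__main__":
    for f in evaluate(SAMPLE_BUCKETS):
        print(f'{f["status"].upper():6} {f["bucket"]}: {f["reason"]}\n       {f["fix"]}')
```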

## Remediation{% #remediation %}

To secure your OCI Object Storage bucket, ensure that the `public_access_type` is set to `NoPublicAccess` or is not configured (defaults to private). For guidance on configuring Object Storage bucket visibility, refer to the [Securing Object Storage](https://docs.oracle.com/iaas/Content/Security/Reference/objectstorage_security.htm) section of the Oracle Cloud Infrastructure Documentation.
