User use doscli can not get、info or put objects in other buckets within ":" in those objects even the user have the permission.
Problem recurrence steps
1. Create two users A and B
2. Set bucket policy of user A and grant full access to user B.
3. Upload an object with a ":" in the name to the bucket of user A, such as "AAA: BBB", and then use user B try to info and get the object.
4. Use user B to try to put a new object with ":" in the name into the bucket of user A.
1. Steps 3 and 4 are successful
1. Steps 3 and 4: error reported and rejected
The cause of the problem: S3 resource description statement is "arn: aws: S3::: bucket / object". When matching the bucket policy, we will first match the S3 resource description statement with regular expression "arn: ([^:] ): ([^:] *): ([^:] *): ([^:] *): (. *)" . Finally, when comparing the "bucket / object" with the actual value, we will match the style with ":", such as the style "" and the actual value "bucket01 / aa: aa / " If they are divided into "", "bucket01 / aa" and "aa", they will not match.