Useful for logs, backups, etc where it may not be desirable for the client to read files it has uploaded or other files within the upload directory.
Example policy and role for subuser:
$ sdc-policy create --name WriteOnly --rules "can putobject"
$ sdc-role create --name LogWriter --default-members mysubuser --members mysubuser --policies WriteOnly