检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating an IAM User and Granting OBS Permissions You can use IAM for fine-grained access control over your OBS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Permissions IAM permissions control IAM users under an account to access: All cloud resources.
Configuring IAM Permissions Creating an IAM User and Granting OBS Permissions OBS Custom Policies OBS Resources OBS Request Conditions Parent Topic: Permissions Control
IAM users: Select an IAM user that you want to grant permissions to. Resources Select Current bucket. Actions Choose Customize.
Granting an IAM User the Permissions to Create and List Buckets Scenario This topic describes how to grant an IAM user the permissions to create and list buckets. An IAM user with this permission can create and list buckets.
Granting an IAM User the Specified Permissions on Specified Objects Scenario This topic describes how to grant an IAM user the permissions required to download specific objects from a bucket.
Granting an IAM User the Read Permissions on Specific Objects Scenario This topic describes how to grant an IAM user the read permissions on an object or a set of objects in an OBS bucket.
Granting an IAM User the Read/Write Permission on a Bucket Scenario This topic describes how to grant an IAM user the read/write permission on an OBS bucket.
Accessing OBS Using an IAM Agency The IAM agency is a function of Identity and Access Management (IAM).
Granting IAM User Groups the Specified Permissions for a Folder Scenario This topic describes how to grant specified permissions for a folder in an OBS bucket to multiple IAM users or user groups.
Granting IAM User Groups All Permissions for All OBS Resources Scenario This topic describes how to grant multiple IAM users or user groups all permissions for all OBS resources. Users with this permission can perform any OBS operation.
Granting IAM User Groups the Specified Permissions for Certain OBS Resources Scenario This topic describes how to grant specified operation permissions for certain OBS resources (can be a bucket or an object) to multiple IAM users or user groups.
Granting IAM User Groups the Specified Permissions for All OBS Resources Scenario This topic describes how to grant multiple IAM users or user groups specified permissions for all OBS resources.
Granting IAM User Groups Basic Permissions for All OBS Resources Scenario This topic describes how to use the OBS-related system roles and policies preset in IAM to grant basic operation permissions for all OBS resources to multiple IAM users or user groups.
An example is given as follows: obs:*:*:object:my-bucket/my-object/* (indicating any object in the my-object directory of bucket my-bucket) Parent Topic: Configuring IAM Permissions
Configuration Precautions If an IAM user is authorized for an action through both IAM and EPS, the authorization result is subject to IAM configuration. Examples: 1.
When configuring condition keys in IAM, start them with obs:. For details, see Policy Format. Parent Topic: Configuring IAM Permissions
On the API Credentials page, view the account name, account ID, IAM username, IAM user ID, project name, and project ID. Parent topic: FAQs
What Are the Differences Between Using an IAM Permission and a Bucket Policy in Access Control? IAM permissions apply to cloud resources.
The following is an example of a deny policy: { "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "obs:object:PutObject" ] } ] } Parent Topic: Configuring IAM Permissions
