检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Granting Permissions to an IAM User Under the Current Account Granting an IAM User the Permissions to Create and List Buckets Granting an IAM User the Read/Write Permission on a Bucket Granting an IAM User the Specified Permissions for a Bucket Granting an IAM User the Read Permissions
For example, to allow IAM user A of account A to access bucket B of account B, you need to: Configure a bucket policy that allows IAM user A to access bucket B. Configure IAM permissions for account A to allow IAM user A to access bucket B.
Granting Permissions to Multiple IAM Users or User Groups Under the Current Account Granting IAM User Groups All Permissions for All OBS Resources Granting IAM User Groups Basic Permissions for All OBS Resources Granting IAM User Groups the Specified Permissions for All OBS Resources
Obtaining Account, IAM User, Project, User Group, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
How Do I Get My Account ID and IAM User ID? (SDK for Python) Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
Create a user group on the IAM console, and assign the group the Tenant Guest permission. Create an IAM user and add it to the user group. Create a user on the IAM console and add the user to the group created in 1. Log in and verify the permission granting.
If your Huawei Cloud account does not require individual IAM users for permissions management, skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see What Is IAM?
To access OBS using access keys as an IAM user, the programmatic access must be enabled by the account. For details, see Viewing or Modifying IAM User Information. To access OBS in the EU-Dublin region, contact the administrator to obtain an access key pair.
Cause If you use a bucket policy to grant the IAM user the bucket read and write permissions, the IAM user has the permissions to call the following APIs: GetObject: downloading objects GetObjectVersion: downloading objects and their versions PutObject: uploading objects DeleteObject
When an IAM user initiates a request, this parameter value is the ID of the account where the IAM user belongs. When an anonymous user initiates a request, this parameter value is Anonymous.
Obtaining Access Keys (AK/SK) To access OBS using access keys as an IAM user, the programmatic access must be enabled. For details, see Viewing or Modifying IAM User Information. When you call APIs, you need to use the AK and SK for authentication.
Using OBS Browser+ OBS Browser+ is a GUI client for easily managing data stored inOBS. The following describes how to use basic functions on OBS Browser+, including creating a bucket (test-example-bucket as an example), uploading an object, as well as downloading and sharing the object
This happens when your identity authentication on the IAM console fails. To resolve this problem, perform the following steps: Contact the security administrator of the tenant to log in to the IAM console. Check whether the user corresponding to the AK is disabled.
You can also use bucket policies to grant IAM users the permissions to access buckets.
Creating an IAM User and Granting OBS Permissions You can use IAM for fine-grained access control over your OBS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Policies that contain actions only for IAM projects can be used and applied to IAM only. For differences between IAM projects and enterprise projects, see What Are the Differences Between IAM and Enterprise Management? The check mark (√) indicates that an action takes effect.
NOTE: You can obtain the account ID and IAM user ID from the My Credentials page. Accounts should be configured in the Domain ID/IAM user ID format, with each one on a separate line. Account ID/* indicates that permission is granted to all IAM users under the account.
If a bucket has multiple versions of objects, IAM users may fail to list objects in the bucket through OBS Console. In such case, IAM users need to be granted the obs:bucket:ListBucketVersions permission. Parent topic: Access Control
Create a department administrator and some IAM users. For details, see Creating an IAM User. Add the administrator to the admin user group, and add other users to user groups with the OBS Buckets Viewer permissions. For details, see Assigning Permissions to an IAM User.
(Java SDK) A temporary access key (AK/SK) and SecurityToken are credentials issued for IAM users to temporarily access the system. Their validity period can be 15 minutes to 24 hours. After the issued temporary credentials expire, you need to request them again.
