检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For details about how to grant permissions to an IAM user, see Granting IAM Users Under an Account the Access to a Bucket and the Resources in It.
IAM users can call the IAM API for Obtaining a Temporary Access Key and Security Token Through a Token. IAM users can also send the policy parameter to request for temporary policy's permissions.
NOTE: You can obtain the account ID and IAM user ID from the My Credentials page. Accounts should be configured in the Domain ID/IAM user ID format, with each one on a separate line. Account ID/* indicates that permission is granted to all IAM users under the account.
An account (including all IAM users under this account) can create a maximum of 100 buckets and parallel file systems. You can use the fine-grained access control of OBS to properly plan and use buckets.
What Are the Differences Between an IAM Permission and a Bucket Policy in Access Control? Why Does Message "Access denied" Appear After the OBS System Permissions Were Authorized by IAM?
If you use an IAM user, ensure that the user has been added to a user group that has the permissions required to use OBS. For details about how to create buckets, upload objects, and perform operations on buckets and objects on OBS, see Managing Buckets and Managing Objects.
If Condition is configured in the IAM permission or bucket policy, check whether the specified rules are met.
An account (including all IAM users under this account) can create a maximum of 100 buckets and parallel file systems. You can use the fine-grained access control of OBS to properly plan and use buckets.
Restrictions To rename an object, you must be the PFS owner or have the required permission (obs:bucket:PutObject in IAM or PutObject in a policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Access control: You can use IAM permissions, bucket policies, bucket ACLs, and object ACLs to implement refined access control over buckets and objects.
a Bucket Granting an IAM User the Specified Permissions for a Bucket Granting an IAM User the Read Permissions on Specific Objects Granting an IAM User the Specified Permissions on Specified Objects Granting permissions to multiple IAM users or user groups under the current account
IAM permissions IAM permissions define the actions that can be performed on your cloud resources, specifying what actions are allowed or denied. IAM permissions can be used to grant access to various IAM users under the same parent account.
Separation of duties Assign different IAM users to manage resources and permissions. For example, you can let one IAM user assign permissions, and let another IAM user manage OBS resources.
Creating a HUAWEI ID and Enabling Huawei Cloud Services IAM user Optional.
IAM user name Yes Name of the IAM user created by your Huawei Cloud account or HUAWEI ID. To view an IAM username, see Obtaining IAM User Information.
Figure 1 My Credentials On the API Credentials page, view the account name, account ID, IAM user name, IAM user ID, project name, and project ID. The project ID varies depending on the region where your service is located.
Figure 1 My Credentials On the API Credentials page, view the account name, account ID, IAM user name, IAM user ID, project name, and project ID. The project ID varies depending on the region where your service is located.
Use an IAM user. Specifically, use a Huawei account to log in to the Huawei Cloud console, create an IAM user, and grant the IAM user necessary permissions.
Permission Configuration in Typical Scenarios Typical Permissions Scenarios Granting Permissions to an IAM User Under the Current Account Granting Permissions to Multiple IAM Users or User Groups Under the Current Account Granting Permissions to Other Accounts Granting Permissions
Table 1 OBS access control Method Description Reference Permission control IAM permissions IAM permissions define which actions on your cloud resources are allowed or denied.
