检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Figure 1 My Credentials On the API Credentials page, view the account name, account ID, IAM user name, IAM user ID, project name, and project ID. The project ID varies depending on the region where your service is located.
Use an IAM user. Specifically, use a Huawei account to log in to the Huawei Cloud console, create an IAM user, and grant the IAM user necessary permissions.
Enter the account ID and IAM user ID in the format of Account ID/IAM user ID. To specify multiple IAM users, enter each one on a separate line. An asterisk (*) indicates all accounts or IAM users. NOTE: The account ID and IAM user ID can be obtained on the My Credentials page.
Permission Configuration in Typical Scenarios Typical Permissions Scenarios Granting Permissions to an IAM User Under the Current Account Granting Permissions to Multiple IAM Users or User Groups Under the Current Account Granting Permissions to Other Accounts Granting Permissions
Table 1 OBS access control Method Description Reference Permission control IAM permissions IAM permissions define which actions on your cloud resources are allowed or denied.
To mitigate such risks, you can use IAM Permissions to implement fine-grained permissions management.
In the navigation pane, choose Permissions > Bucket Policies and check whether there is a policy that restricts the account or IAM user to download objects. If yes, modify the bucket policy to grant the account or IAM user the permission.
Elastic Cloud Server (ECS) Accessing OBS over Intranet IAM provides the following functions: User identity authentication IAM user permission control IAM agency configuration Identity and Access Management (IAM) Permissions Management Configuring User Permissions Agencies Cloud Eye
In the navigation pane, choose Permissions > Bucket Policies and check whether there is a policy preventing the account or IAM user from uploading objects. If yes, modify the bucket policy to grant the account or IAM user the permission.
Through the Identity and Access Management (IAM) service, you can create a user who has the permission to access OBS resources and manage buckets and objects on obsutil. If you do not need to use any IAM user, skip this step.
On the console homepage, choose Service List > Management & Governance > Identity and Access Management to access the IAM console. On the IAM console, choose User in the left navigation tree. On the User page, click Create User.
ACLs control write and read permissions based on accounts, whose permission granularity is not as fine as bucket policies or IAM permissions. Generally, it is recommended that you use IAM permissions and bucket policies for access control.
For details about how to obtain an IAM username, see Obtaining an IAM Username. g:UserId String No IAM user ID of the requester.
Therefore, before configuring logging for a bucket, you need to create an IAM agency for OBS and add this IAM agency when configuring logging for the bucket.
These users do not have IAM user permissions, so you can grant temporary permissions to allow these users to temporarily access OBS.
NOTE: You can obtain the account ID and IAM user ID from the My Credentials page. Accounts should be configured in the Domain ID/IAM user ID format, with each one on a separate line. Account ID/* indicates that permission is granted to all IAM users under the account.
The Agency field indicates the name of the IAM agency for OBS created by the owner of the target bucket. For details about how to create an IAM agency, see the IAM User Guide. Enabling Bucket Logging Sample code: // Initialize configuration parameters.
For details, see Creating an IAM User. Add the administrator to the admin user group. Do not add other users to user groups with OBS access permissions. For details, see Assigning Permissions to an IAM User. Create a bucket.
IAM Huawei Cloud's Identity and Access Management. It generates temporary security credentials. Procedure Obtain the OBS SDK and IAM SDK. To obtain the OBS SDK, visit SDK Developer Guide. To obtain the IAM SDK, visit IAM SDK.
OBS permission control means to grant permissions to other accounts or IAM users by editing access policies. For example, if you have a bucket, you can authorize another IAM user to upload objects to your bucket.
