doc-exports/docs/obs/umn/obs_03_0081.html
zhangyue 7492b7b30f OBS UMN doc
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-02-27 19:04:41 +00:00

<a name="obs_03_0081"></a>
<h1 class="topictitle1">Granting Other Accounts the Operation Permissions for a Specified Bucket</h1>
<div id="body1557026128761"><p id="obs_03_0081__p1919519475574">The bucket owner (root account), or other accounts and IAM users that have the permission to set bucket policies, can configure bucket policies to grant bucket operation permissions to other accounts or to IAM users under other accounts.</p>
<p id="obs_03_0081__p2058382155214">The following example shows how to grant another account the bucket access and object upload permissions.</p>
<div class="note" id="obs_03_0081__note13614125415289"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0081__p10614165402811">To grant permissions to IAM users under other accounts, you need to configure a bucket policy and also <span id="obs_03_0081__ph16990133392417">IAM policies</span>.</p>
<ol id="obs_03_0081__ol7853716103516"><li id="obs_03_0081__li685301693514">Configure a bucket policy to allow IAM users to access the bucket.</li><li id="obs_03_0081__li888244323516">Configure <span id="obs_03_0081__ph135373523355">IAM policies</span> for the account to which the authorized IAM user belongs, to allow the IAM user to access the bucket.</li></ol>
<p id="obs_03_0081__p1345162763720">Only permissions that are allowed by both the bucket policy and <span id="obs_03_0081__ph5939236183712">IAM policies</span> can take effect.</p>
</div></div>
<div class="section" id="obs_03_0081__section435994418812"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0081__ol549119194012"><li id="obs_03_0081__li99821455306"><span>In the bucket list, click the bucket you want to operate on. The <strong id="obs_03_0081__obs_03_0307_b1395123914108">Overview</strong> page of the bucket is displayed.</span></li><li id="obs_03_0081__li13508181724617"><span>In the navigation pane on the left, click <strong id="obs_03_0081__obs_03_0142_b63882047163712">Permissions</strong> to go to the permission management page.</span></li><li id="obs_03_0081__li8120153165517"><span>Choose <strong id="obs_03_0081__b942110816513">Bucket Policies</strong> &gt; <strong id="obs_03_0081__b7422287515">Custom Bucket Policies</strong>.</span></li><li id="obs_03_0081__li81441540133419"><span>Click <strong id="obs_03_0081__b111286107515">Create Bucket Policy</strong>. The <strong id="obs_03_0081__b14129191013513">Create Bucket Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0081__li17931032163517"><span>Set the following parameters to grant another account the permission to access the bucket:</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0081__table7531653104420" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for authorizing the permission to access a specified bucket</caption><thead align="left"><tr id="obs_03_0081__row2532105311447"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.5.2.1.2.3.1.1"><p id="obs_03_0081__p16532195364414">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.5.2.1.2.3.1.2"><p id="obs_03_0081__p15532145310443">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0081__row953216536449"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p1653265344417">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><p id="obs_03_0081__p95328538440"><strong id="obs_03_0081__b173011935194310">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row16532753114417"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p353219537448">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><p id="obs_03_0081__p5532353104418"><strong id="obs_03_0081__b19922174264316">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row115321753164415"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p1553215538449">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><ul id="obs_03_0081__ul136938242519"><li id="obs_03_0081__li969532495111"><strong id="obs_03_0081__b187704534318">Include</strong></li><li id="obs_03_0081__li269712369202"><strong id="obs_03_0081__b158058444417">Cloud service user</strong>. Select <strong id="obs_03_0081__b132601515104417">Other account</strong>, and enter the account ID and user ID.<p id="obs_03_0081__p75419201471">For <strong id="obs_03_0081__b12590151316220">Account ID</strong>, enter the <strong id="obs_03_0081__b112021124529">Domain ID</strong> that can be found on the <strong id="obs_03_0081__b145225442027">My Credential</strong> page.</p>
</li></ul>
</td>
</tr>
<tr id="obs_03_0081__row653285374414"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p753212538444">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><ul id="obs_03_0081__ul964933612542"><li id="obs_03_0081__li564933617545"><strong id="obs_03_0081__b1366645434417">Include</strong></li><li id="obs_03_0081__li13501734155919">Leave it blank.</li></ul>
</td>
</tr>
<tr id="obs_03_0081__row18790945165418"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p12791194519544">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><ul id="obs_03_0081__ul815102155519"><li id="obs_03_0081__li161522195512"><strong id="obs_03_0081__b9707759204411">Include</strong></li><li id="obs_03_0081__li13801149553">ListBucket</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0081__li20063255511"><span>Click <strong id="obs_03_0081__b7811522458">OK</strong>.</span></li><li id="obs_03_0081__li664901415562"><span>Click <strong id="obs_03_0081__b147417384518">Create Bucket Policy</strong>. The <strong id="obs_03_0081__b274212354520">Create Bucket Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0081__li16621126135610"><span>Set the following parameters to grant another account the permission to upload objects:</span><p><div class="note" id="obs_03_0081__note5130172785715"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0081__p20130152735713">Before granting the user the permission to operate on objects, ensure that the user has the permission to access the bucket.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0081__table566311261565" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for authorizing the permission to upload objects</caption><thead align="left"><tr id="obs_03_0081__row16664826175610"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.8.2.2.2.3.1.1"><p id="obs_03_0081__p1466442615612">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.8.2.2.2.3.1.2"><p id="obs_03_0081__p1466516269566">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0081__row12665142619562"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p36664266562">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><p id="obs_03_0081__p14666152615562"><strong id="obs_03_0081__b16452350144517">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row3667132613567"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p1866732655612">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><p id="obs_03_0081__p966982619569"><strong id="obs_03_0081__b34165604519">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row666915260561"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p8670112635619">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><ul id="obs_03_0081__ul1670726135620"><li id="obs_03_0081__li1567162695619"><strong id="obs_03_0081__b67530576453">Include</strong></li><li id="obs_03_0081__li15319185511214"><strong id="obs_03_0081__b4659916460">Cloud service user</strong>. Select <strong id="obs_03_0081__b176616114616">Other account</strong>, and enter the account ID and user ID.<p id="obs_03_0081__p12751112924814">For <strong id="obs_03_0081__b163385912319">Account ID</strong>, enter the <strong id="obs_03_0081__b0339491037">Domain ID</strong> that can be found on the <strong id="obs_03_0081__b163391491434">My Credential</strong> page.</p>
</li></ul>
</td>
</tr>
<tr id="obs_03_0081__row126721226135618"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p0673122685615">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><ul id="obs_03_0081__ul11674152619564"><li id="obs_03_0081__li1067452605618"><strong id="obs_03_0081__b929562318466">Include</strong></li><li id="obs_03_0081__li167318513586">Resource name: <strong id="obs_03_0081__b925182454617">*</strong></li></ul>
</td>
</tr>
<tr id="obs_03_0081__row167522618569"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p1367692611568">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><ul id="obs_03_0081__ul176761226135619"><li id="obs_03_0081__li11676142635613"><strong id="obs_03_0081__b517511270469">Include</strong></li><li id="obs_03_0081__li1567672613569">PutObject</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0081__li9679192645612"><span>Click <strong id="obs_03_0081__b11365193111469">OK</strong>.</span></li></ol>
</div>
</div>
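<p>A review aid for the two grants configured above, added here as an example and not part of the original OBS documentation: it computes which actions take effect once the bucket policy and IAM policies are intersected, and flags grants a reviewer should question. The JSON statement layout, the <code>domain/...:user/...</code> principal form, the bucket name and all IDs are assumptions or placeholders; Deny statements, conditions and wildcard action names are not modelled.</p>

```python
# Constructed sample: the statements from Table 1 and Table 2, written in the
# JSON layout assumed here for an OBS bucket policy. All IDs are placeholders.
PRINCIPAL = "domain/EXAMPLE_DOMAIN_ID:user/EXAMPLE_USER_ID"
SAMPLE_POLICY = {"Statement": [
    {"Sid": "bucket-access", "Effect": "Allow", "Principal": {"ID": [PRINCIPAL]},
     "Action": ["ListBucket"], "Resource": ["example-bucket"]},
    {"Sid": "object-upload", "Effect": "Allow", "Principal": {"ID": [PRINCIPAL]},
     "Action": ["PutObject"], "Resource": ["example-bucket/*"]},
]}

BUCKET_ACCESS = "ListBucket"  # the bucket access action used in Table 1


def allowed_by_bucket_policy(policy, principal):
    """Map each action allowed for `principal` to the resources it covers."""
    grants = {}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements are out of scope for this sketch
        if principal not in stmt.get("Principal", {}).get("ID", []):
            continue
        for action in stmt.get("Action", []):
            grants.setdefault(action, set()).update(stmt.get("Resource", []))
    return grants


def effective_actions(policy, iam_allowed, principal):
    """Only actions allowed by BOTH the bucket policy and IAM take effect."""
    return set(allowed_by_bucket_policy(policy, principal)) & set(iam_allowed)


def audit(policy):
    """Return findings: wildcard principals, grants lacking bucket access."""
    findings, principals = [], set()
    for stmt in policy.get("Statement", []):
        ids = stmt.get("Principal", {}).get("ID", [])
        if stmt.get("Effect") == "Allow" and "*" in ids:
            findings.append(f"{stmt.get('Sid')}: Allow for every principal (*)")
        principals.update(i for i in ids if i != "*")
    for p in sorted(principals):
        grants = allowed_by_bucket_policy(policy, p)
        if grants and BUCKET_ACCESS not in grants:
            findings.append(f"{p}: actions granted without {BUCKET_ACCESS}")
    return findings
```

<p>With the sample policy, an IAM policy that allows only <code>ListBucket</code> leaves <code>PutObject</code> ineffective for the user, and removing the first statement makes <code>audit</code> report the upload grant as lacking bucket access.</p>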
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0127.html">Application Cases</a></div>
</div>
</div>