From 2c8baf104eaa0edb4e1eb3896850fd160b6417c0 Mon Sep 17 00:00:00 2001
From: zhangyue <zhangyue164@huawei.com>
Date: Tue, 29 Oct 2024 16:45:36 +0000
Subject: [PATCH] OBS PERM DOC

Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
---
 docs/obs/perms-cfg/ALL_META.TXT.json          | 483 +++++++++++++++---
 docs/obs/perms-cfg/CLASS.TXT.json             | 114 ++---
 .../en-us_image_0000001436265909.png          | Bin 39363 -> 0 bytes
 ...0.png => en-us_image_0000001664558420.png} | Bin
 docs/obs/perms-cfg/obs_40_0001.html           | 114 ++---
 docs/obs/perms-cfg/obs_40_0002.html           |   2 +-
 docs/obs/perms-cfg/obs_40_0003.html           | 145 ++++--
 docs/obs/perms-cfg/obs_40_0004.html           |  74 +--
 docs/obs/perms-cfg/obs_40_0005.html           |  94 ++--
 docs/obs/perms-cfg/obs_40_0007.html           |   6 +-
 docs/obs/perms-cfg/obs_40_0008.html           |  30 +-
 docs/obs/perms-cfg/obs_40_0009.html           |  14 +-
 docs/obs/perms-cfg/obs_40_0010.html           |   2 +-
 docs/obs/perms-cfg/obs_40_0011.html           |  57 ++-
 docs/obs/perms-cfg/obs_40_0012.html           |   6 +-
 docs/obs/perms-cfg/obs_40_0013.html           |  12 +-
 docs/obs/perms-cfg/obs_40_0014.html           |  18 +-
 docs/obs/perms-cfg/obs_40_0015.html           |  35 +-
 docs/obs/perms-cfg/obs_40_0016.html           |  36 +-
 docs/obs/perms-cfg/obs_40_0017.html           |  34 +-
 docs/obs/perms-cfg/obs_40_0018.html           |  38 +-
 docs/obs/perms-cfg/obs_40_0019.html           |   8 +-
 docs/obs/perms-cfg/obs_40_0020.html           |  14 +-
 docs/obs/perms-cfg/obs_40_0021.html           |  16 +-
 docs/obs/perms-cfg/obs_40_0022.html           |  22 +-
 docs/obs/perms-cfg/obs_40_0023.html           |  37 +-
 docs/obs/perms-cfg/obs_40_0024.html           |  12 +-
 docs/obs/perms-cfg/obs_40_0025.html           |  23 +-
 docs/obs/perms-cfg/obs_40_0026.html           |  16 +-
 docs/obs/perms-cfg/obs_40_0027.html           |  97 ++--
 docs/obs/perms-cfg/obs_40_0028.html           |  18 +-
 docs/obs/perms-cfg/obs_40_0029.html           |  20 +-
 docs/obs/perms-cfg/obs_40_0030.html           |   8 +-
 docs/obs/perms-cfg/obs_40_0031.html           |  53 +-
 docs/obs/perms-cfg/obs_40_0032.html           |  23 +-
 docs/obs/perms-cfg/obs_40_0033.html           |   2 +-
 docs/obs/perms-cfg/obs_40_0034.html           |   6 +-
 docs/obs/perms-cfg/obs_40_0036.html           |  14 +-
 docs/obs/perms-cfg/obs_40_0037.html           |  18 +-
 docs/obs/perms-cfg/obs_40_0039.html           |  16 +-
 docs/obs/perms-cfg/obs_40_0041.html           | 368 ++++++-------
 docs/obs/perms-cfg/obs_40_0042.html           |   5 +-
 docs/obs/perms-cfg/obs_40_0043.html           |   8 +-
 docs/obs/perms-cfg/obs_40_0044.html           |  30 +-
 44 files changed, 1244 insertions(+), 904 deletions(-)
 delete mode 100644 docs/obs/perms-cfg/en-us_image_0000001436265909.png
 rename docs/obs/perms-cfg/{en-us_image_0000001335934590.png => en-us_image_0000001664558420.png} (100%)

diff --git a/docs/obs/perms-cfg/ALL_META.TXT.json b/docs/obs/perms-cfg/ALL_META.TXT.json
index 8a537316..ffad1a61 100644
--- a/docs/obs/perms-cfg/ALL_META.TXT.json
+++ b/docs/obs/perms-cfg/ALL_META.TXT.json
@@ -1,411 +1,742 @@
 [
+	{
+		"dockw":"Permission Configuration Guide"
+	},
 	{
 		"uri":"obs_40_0001.html",
+		"node_id":"obs_40_0001.xml",
 		"product_code":"obs",
 		"code":"1",
-		"des":"By default, OBS resources (buckets and objects) are private. Only resource owners can access their OBS resources. Without authorization, other users cannot access OBS. OB",
+		"des":"By default, OBS resources (buckets and objects) are private. Only resource owners can access their OBS resources. Other users cannot access such resources without authori",
 		"doc_type":"perms-cfg",
-		"kw":"Introduction to OBS Access Control,Permission Configuration Guide",
-		"title":"Introduction to OBS Access Control",
+		"kw":"Differences Between OBS Permissions Control Methods,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Differences Between OBS Permissions Control Methods",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0002.html",
+		"node_id":"obs_40_0002.xml",
 		"product_code":"obs",
 		"code":"2",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
-		"kw":"Permission Control Mechanisms",
-		"title":"Permission Control Mechanisms",
+		"kw":"Permission Control Methods",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Permission Control Methods",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0003.html",
+		"node_id":"obs_40_0003.xml",
 		"product_code":"obs",
 		"code":"3",
 		"des":"By default, newly created IAM users do not have any permissions. You need to add the user to one or more groups, and attach permission policies or roles to these groups. ",
 		"doc_type":"perms-cfg",
-		"kw":"IAM Permissions,Permission Control Mechanisms,Permission Configuration Guide",
+		"kw":"IAM Permissions,Permission Control Methods,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"IAM Permissions",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0004.html",
+		"node_id":"obs_40_0004.xml",
 		"product_code":"obs",
 		"code":"4",
-		"des":"A bucket policy applies to an OBS bucket and objects in the bucket. By leveraging bucket policies, the owner of a bucket can authorize IAM users or other accounts the per",
+		"des":"A bucket policy applies to an OBS bucket and the objects in the bucket. Bucket policies let a bucket owner grant IAM users or other accounts permissions on the bucket and",
 		"doc_type":"perms-cfg",
-		"kw":"Bucket Policies,Permission Control Mechanisms,Permission Configuration Guide",
+		"kw":"Bucket Policies,Permission Control Methods,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Bucket Policies",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0005.html",
+		"node_id":"obs_40_0005.xml",
 		"product_code":"obs",
 		"code":"5",
-		"des":"An ACL is a list that defines grantees and their granted permissions.Bucket and object ACLs are attached to accounts. By default, an ACL is created when a bucket or objec",
+		"des":"An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular bucket or object.Bucket and object ACLs",
 		"doc_type":"perms-cfg",
-		"kw":"ACLs,Permission Control Mechanisms,Permission Configuration Guide",
+		"kw":"ACLs,Permission Control Methods,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"ACLs",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0006.html",
+		"node_id":"obs_40_0006.xml",
 		"product_code":"obs",
 		"code":"6",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
 		"kw":"Access Requests",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Access Requests",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0007.html",
+		"node_id":"obs_40_0007.xml",
 		"product_code":"obs",
 		"code":"7",
-		"des":"OBS provides REST APIs that supports authenticated requests and anonymous requests. Anonymous requests are typically used for scenarios that require public access, such a",
+		"des":"OBS REST APIs support authenticated requests and anonymous requests. Anonymous requests are typically used for public access, such as accessing hosted static websites. In",
 		"doc_type":"perms-cfg",
 		"kw":"Accessing OBS Using Permanent Access Keys,Access Requests,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Accessing OBS Using Permanent Access Keys",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0008.html",
+		"node_id":"obs_40_0008.xml",
 		"product_code":"obs",
 		"code":"8",
-		"des":"OBS can be accessed through temporary access keys and the security token, which can be obtained on IAM. You can assign the temporary access keys (including the security t",
+		"des":"You can assign temporary security credentials (including an AK, an SK, and a security token) to a third-party application or an IAM user, so that they can access OBS only",
 		"doc_type":"perms-cfg",
 		"kw":"Accessing OBS Using Temporary Access Keys,Access Requests,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Accessing OBS Using Temporary Access Keys",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0009.html",
+		"node_id":"obs_40_0009.xml",
 		"product_code":"obs",
 		"code":"9",
-		"des":"You can use a temporary URL to access OBS and perform operations such as bucket creation or object upload and download. This section describes how to share objects using ",
+		"des":"You can share a temporary URL to allow other users to access OBS to create buckets and upload and download objects. This section describes how to share a temporary URL to",
 		"doc_type":"perms-cfg",
 		"kw":"Accessing OBS Using a Temporary URL,Access Requests,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Accessing OBS Using a Temporary URL",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0010.html",
+		"node_id":"obs_40_0010.xml",
 		"product_code":"obs",
 		"code":"10",
-		"des":"The IAM agency is a function of Identity and Access Management (IAM). In some OBS application scenarios (such as CDN private bucket retrieval and cross-region replication",
+		"des":"The IAM agency is a function of Identity and Access Management (IAM). In scenarios such as CDN private bucket retrieval and cross-region replication, IAM agencies are req",
 		"doc_type":"perms-cfg",
 		"kw":"Accessing OBS Using an IAM Agency,Access Requests,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Accessing OBS Using an IAM Agency",
 		"githuburl":""
 	},
 	{
-		"uri":"obs_40_0011.html",
+		"uri":"obs_40_0012.html",
+		"node_id":"obs_40_0012.xml",
 		"product_code":"obs",
 		"code":"11",
-		"des":"The following typical scenarios are provided to help you better configure OBS permission control.Factors to consider before configuring permission control:Who are granted",
+		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
-		"kw":"Typical Permission Control Scenarios,Permission Configuration Guide",
-		"title":"Typical Permission Control Scenarios",
+		"kw":"Permission Configuration in Typical Scenarios",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Permission Configuration in Typical Scenarios",
 		"githuburl":""
 	},
 	{
-		"uri":"obs_40_0012.html",
+		"uri":"obs_40_0011.html",
+		"node_id":"obs_40_0011.xml",
 		"product_code":"obs",
 		"code":"12",
-		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+		"des":"The permissions settings for typical scenarios are provided to facilitate permissions management.You need to consider the following factors before configuring permissions",
 		"doc_type":"perms-cfg",
-		"kw":"Configuration Cases in Typical Permission Control Scenarios",
-		"title":"Configuration Cases in Typical Permission Control Scenarios",
+		"kw":"Typical Permissions Scenarios,Permission Configuration in Typical Scenarios,Permission Configuration",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Typical Permissions Scenarios",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0013.html",
+		"node_id":"obs_40_0013.xml",
 		"product_code":"obs",
 		"code":"13",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
 		"kw":"Granting Permissions to an IAM User Under the Account",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Granting Permissions to an IAM User Under the Account",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0014.html",
+		"node_id":"obs_40_0014.xml",
 		"product_code":"obs",
 		"code":"14",
-		"des":"This topic describes how to grant an IAM user the permissions required to create and list buckets. An IAM user with this permission can create buckets. The created bucket",
+		"des":"This topic describes how to grant an IAM user the permissions to create and list buckets. An IAM user with this permission can create and list buckets. The created bucket",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an IAM User the Permissions Required to List and Create Buckets,Granting Permissions to an ",
-		"title":"Granting an IAM User the Permissions Required to List and Create Buckets",
+		"kw":"Granting an IAM User the Permissions to Create and List Buckets,Granting Permissions to an IAM User ",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting an IAM User the Permissions to Create and List Buckets",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0015.html",
+		"node_id":"obs_40_0015.xml",
 		"product_code":"obs",
 		"code":"15",
-		"des":"This topic describes how to grant an IAM user the read and write permissions on an OBS bucket.You are advised to use bucket policies to grant resource-level permissions t",
+		"des":"This topic describes how to grant an IAM user the read/write permission on an OBS bucket.To grant resource-level permissions to an IAM user, use a bucket policy.After con",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an IAM User the Read and Write Permissions on a Bucket,Granting Permissions to an IAM User ",
-		"title":"Granting an IAM User the Read and Write Permissions on a Bucket",
+		"kw":"Granting an IAM User the Read/Write Permission on a Bucket,Granting Permissions to an IAM User Under",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting an IAM User the Read/Write Permission on a Bucket",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0016.html",
+		"node_id":"obs_40_0016.xml",
 		"product_code":"obs",
 		"code":"16",
-		"des":"This topic describes how to grant an IAM user the permissions required to perform specific operations on an OBS bucket. Below describes how to grant the bucket deletion p",
+		"des":"This topic describes how to grant an IAM user the permissions required to delete a bucket.To grant other permissions, select required actions from Action Name in the buck",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket,Gr",
-		"title":"Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket",
+		"kw":"Granting an IAM User the Specified Permissions for a Bucket,Granting Permissions to an IAM User Unde",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting an IAM User the Specified Permissions for a Bucket",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0017.html",
+		"node_id":"obs_40_0017.xml",
 		"product_code":"obs",
 		"code":"17",
-		"des":"This topic describes how to grant an IAM user the read permission on an object or a set of objects in an OBS bucket.You are advised to use bucket policies to grant resour",
+		"des":"This topic describes how to grant an IAM user the read permissions on an object or a set of objects in an OBS bucket.To grant resource-level permissions to an IAM user, u",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an IAM User the Read Permission on a Specific Object,Granting Permissions to an IAM User Un",
-		"title":"Granting an IAM User the Read Permission on a Specific Object",
+		"kw":"Granting an IAM User the Read Permissions on Specific Objects,Granting Permissions to an IAM User Un",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting an IAM User the Read Permissions on Specific Objects",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0018.html",
+		"node_id":"obs_40_0018.xml",
 		"product_code":"obs",
 		"code":"18",
-		"des":"This topic describes how to grant an IAM user certain permissions on specific objects in a bucket. Below explains how to grant the object download permission.If you need ",
+		"des":"This topic describes how to grant an IAM user the permissions to download specific objects from a bucket.To grant other permissions, select required actions from Action N",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects,Gran",
-		"title":"Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects",
+		"kw":"Granting an IAM User the Specific Permissions on Specific Objects,Granting Permissions to an IAM Use",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting an IAM User the Specific Permissions on Specific Objects",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0019.html",
+		"node_id":"obs_40_0019.xml",
 		"product_code":"obs",
 		"code":"19",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
 		"kw":"Granting Permissions to Multiple IAM Users or User Groups Under the Account",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Granting Permissions to Multiple IAM Users or User Groups Under the Account",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0020.html",
+		"node_id":"obs_40_0020.xml",
 		"product_code":"obs",
 		"code":"20",
-		"des":"This topic describes how to grant multiple IAM users or user groups all permissions on all OBS resources. Users with this permission can perform any OBS operation.IAM cus",
+		"des":"This topic describes how to grant multiple IAM users or user groups all permissions on all OBS resources. Users with this permission can perform any operations on OBS.Use",
 		"doc_type":"perms-cfg",
 		"kw":"Granting IAM User Groups All Permissions on All OBS Resources,Granting Permissions to Multiple IAM U",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Granting IAM User Groups All Permissions on All OBS Resources",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0021.html",
+		"node_id":"obs_40_0021.xml",
 		"product_code":"obs",
 		"code":"21",
-		"des":"This topic describes how to use the OBS-related system roles and policies preset in IAM to grant basic operation permissions on all OBS resources to multiple IAM users or",
+		"des":"This topic describes how to use OBS system roles and policies preset in IAM to grant basic operation permissions for all OBS resources to multiple IAM users or user group",
 		"doc_type":"perms-cfg",
 		"kw":"Granting IAM User Groups Basic Permissions on All OBS Resources,Granting Permissions to Multiple IAM",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Granting IAM User Groups Basic Permissions on All OBS Resources",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0022.html",
+		"node_id":"obs_40_0022.xml",
 		"product_code":"obs",
 		"code":"22",
-		"des":"This topic describes how to grant multiple IAM users or user groups specific permissions on all OBS resources.IAM custom policiesAfter the configuration is complete, you ",
+		"des":"This topic describes how to grant multiple IAM users or user groups specified permissions for all OBS resources.Use an IAM custom policy to configure the permissions.Afte",
 		"doc_type":"perms-cfg",
-		"kw":"Granting IAM User Groups Specified Permissions on All OBS Resources,Granting Permissions to Multiple",
-		"title":"Granting IAM User Groups Specified Permissions on All OBS Resources",
+		"kw":"Granting IAM User Groups Specific Permissions for All OBS Resources,Granting Permissions to Multiple",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting IAM User Groups Specific Permissions for All OBS Resources",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0023.html",
+		"node_id":"obs_40_0023.xml",
 		"product_code":"obs",
 		"code":"23",
-		"des":"This topic describes how to grant certain operation permissions on specific OBS resources (can be a bucket or an object) to multiple IAM users or user groups.IAM custom p",
+		"des":"This topic describes how to grant specific operation permissions on specific OBS resources (a bucket or an object) to multiple IAM users or user groups.Use an IAM custom ",
 		"doc_type":"perms-cfg",
-		"kw":"Granting IAM User Groups Specified Permissions on Certain OBS Resources,Granting Permissions to Mult",
-		"title":"Granting IAM User Groups Specified Permissions on Certain OBS Resources",
+		"kw":"Granting IAM User Groups Specific Permissions on Specific OBS Resources,Granting Permissions to Mult",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting IAM User Groups Specific Permissions on Specific OBS Resources",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0044.html",
+		"node_id":"obs_40_0044.xml",
 		"product_code":"obs",
 		"code":"24",
-		"des":"This topic describes how to grant certain operation permissions on specific folders in an OBS bucket to multiple IAM users or user groups.IAM custom policiesAfter the con",
+		"des":"This topic describes how to grant specified permissions for a folder in an OBS bucket to multiple IAM users or user groups.Use an IAM custom policy to configure the permi",
 		"doc_type":"perms-cfg",
-		"kw":"Granting IAM User Groups Specified Permissions on Certain OBS Folders,Granting Permissions to Multip",
-		"title":"Granting IAM User Groups Specified Permissions on Certain OBS Folders",
+		"kw":"Granting IAM User Groups Specific Permissions on a Folder,Granting Permissions to Multiple IAM Users",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting IAM User Groups Specific Permissions on a Folder",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0024.html",
+		"node_id":"obs_40_0024.xml",
 		"product_code":"obs",
 		"code":"25",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
 		"kw":"Granting Permissions to Other Accounts",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Granting Permissions to Other Accounts",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0025.html",
+		"node_id":"obs_40_0025.xml",
 		"product_code":"obs",
 		"code":"26",
-		"des":"This topic describes how to grant other accounts (excluding the IAM users under them) the read and write permissions on OBS buckets. For details about how to grant permis",
+		"des":"This topic describes how to grant other accounts (excluding the IAM users under them) the read/write permission for OBS buckets. For details about how to grant permission",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an Account the Read and Write Permissions on a Bucket,Granting Permissions to Other Account",
-		"title":"Granting an Account the Read and Write Permissions on a Bucket",
+		"kw":"Granting Other Accounts the Read/Write Permission for a Bucket,Granting Permissions to Other Account",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting Other Accounts the Read/Write Permission for a Bucket",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0026.html",
+		"node_id":"obs_40_0026.xml",
 		"product_code":"obs",
 		"code":"27",
-		"des":"This topic describes how to grant other accounts (excluding the IAM users under them) specific operation permissions on OBS buckets. For details about how to grant permis",
+		"des":"This topic describes how to grant other accounts (excluding the IAM users under them) specific permissions for OBS buckets. For details about how to grant permissions to ",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an Account the Specified Permissions on a Bucket,Granting Permissions to Other Accounts,Per",
-		"title":"Granting an Account the Specified Permissions on a Bucket",
+		"kw":"Granting Other Accounts the Specified Permissions for a Bucket,Granting Permissions to Other Account",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting Other Accounts the Specified Permissions for a Bucket",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0027.html",
+		"node_id":"obs_40_0027.xml",
 		"product_code":"obs",
 		"code":"28",
 		"des":"This topic describes how to grant IAM users the permissions to access OBS buckets and resources in them.The following describes how to grant the permissions to upload and",
 		"doc_type":"perms-cfg",
-		"kw":"Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket,Granting Perm",
-		"title":"Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket",
+		"kw":"Granting IAM Users Under an Account the Access to a Bucket and the Resources in It,Granting Permissi",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting IAM Users Under an Account the Access to a Bucket and the Resources in It",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0028.html",
+		"node_id":"obs_40_0028.xml",
 		"product_code":"obs",
 		"code":"29",
 		"des":"This case describes how to grant other accounts (excluding IAM users under the account) the read permission for an object or a type of objects in an OBS bucket. For detai",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an Account Read Permissions on Certain Objects,Granting Permissions to Other Accounts,Permi",
-		"title":"Granting an Account Read Permissions on Certain Objects",
+		"kw":"Granting Other Accounts the Read Permission for Certain Objects,Granting Permissions to Other Accoun",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting Other Accounts the Read Permission for Certain Objects",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0029.html",
+		"node_id":"obs_40_0029.xml",
 		"product_code":"obs",
 		"code":"30",
-		"des":"This case describes how to grant other accounts the specified operation permission on a specified object in an OBS bucket. The following describes how to grant the permis",
+		"des":"This section describes how to grant other accounts the permissions to download an object from a bucket.To grant other permissions, select required actions from Action Nam",
 		"doc_type":"perms-cfg",
-		"kw":"Granting an Account the Specified Permissions on Certain Objects,Granting Permissions to Other Accou",
-		"title":"Granting an Account the Specified Permissions on Certain Objects",
+		"kw":"Granting Other Accounts Specific Permissions for Specific Objects,Granting Permissions to Other Acco",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting Other Accounts Specific Permissions for Specific Objects",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0030.html",
+		"node_id":"obs_40_0030.xml",
 		"product_code":"obs",
 		"code":"31",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
 		"kw":"Granting Permissions to Anonymous Users",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Granting Permissions to Anonymous Users",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0031.html",
+		"node_id":"obs_40_0031.xml",
 		"product_code":"obs",
 		"code":"32",
 		"des":"If a bucket needs to be accessed by anonymous users, you can configure a bucket policy and bucket ACL to grant the access permission to anonymous users. The following use",
 		"doc_type":"perms-cfg",
-		"kw":"Granting Anonymous Users Public Read Permissions on a Bucket,Granting Permissions to Anonymous Users",
-		"title":"Granting Anonymous Users Public Read Permissions on a Bucket",
+		"kw":"Granting Anonymous Users the Public Read Permission for a Bucket,Granting Permissions to Anonymous U",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting Anonymous Users the Public Read Permission for a Bucket",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0032.html",
+		"node_id":"obs_40_0032.xml",
 		"product_code":"obs",
 		"code":"33",
-		"des":"If all objects in a folder need to be accessible to anonymous users, you can configure a bucket policy to grant anonymous users the permission to access the folder.The pr",
+		"des":"If all objects in a folder need to be accessible to anonymous users, you can configure a bucket policy to grant anonymous users the permission to access the folder.After ",
 		"doc_type":"perms-cfg",
-		"kw":"Granting Anonymous Users Public Read Permissions on a Directory,Granting Permissions to Anonymous Us",
-		"title":"Granting Anonymous Users Public Read Permissions on a Directory",
+		"kw":"Granting Anonymous Users the Read Permission for a Directory,Granting Permissions to Anonymous Users",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting Anonymous Users the Read Permission for a Directory",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0033.html",
+		"node_id":"obs_40_0033.xml",
 		"product_code":"obs",
 		"code":"34",
 		"des":"Enterprise A stores a large volume of map data in OBS, and offers the data for public query. This enterprise sets a read permission for anonymous users, and provides the ",
 		"doc_type":"perms-cfg",
-		"kw":"Granting Anonymous Users Public Read Permissions on Certain Objects,Granting Permissions to Anonymou",
-		"title":"Granting Anonymous Users Public Read Permissions on Certain Objects",
+		"kw":"Granting Anonymous Users the Read Permission for Certain Objects,Granting Permissions to Anonymous U",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Granting Anonymous Users the Read Permission for Certain Objects",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0034.html",
+		"node_id":"obs_40_0034.xml",
 		"product_code":"obs",
 		"code":"35",
 		"des":"If you want to open an object to all users for a limited period of time, you can use the object sharing function.Once the Share File dialog box is opened, the URL is effe",
 		"doc_type":"perms-cfg",
 		"kw":"Temporarily Sharing Objects with Anonymous Users,Granting Permissions to Anonymous Users,Permission ",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Temporarily Sharing Objects with Anonymous Users",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0037.html",
+		"node_id":"obs_40_0037.xml",
 		"product_code":"obs",
 		"code":"36",
-		"des":"This case describes how to use temporary access keys (temporary AK/SK and security token) to access OBS in temporary authorization mode.Assume that you want to enable an ",
+		"des":"This case describes how to use temporary access keys (temporary AK/SK and security token) to access OBS.Assume that you want to enable an IAM user (user name: APPServer) ",
 		"doc_type":"perms-cfg",
-		"kw":"Granting Temporary Access to OBS,Configuration Cases in Typical Permission Control Scenarios,Permiss",
+		"kw":"Granting Temporary Access to OBS,Permission Configuration in Typical Scenarios,Permission Configurat",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Granting Temporary Access to OBS",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0036.html",
+		"node_id":"obs_40_0036.xml",
 		"product_code":"obs",
 		"code":"37",
 		"des":"This case describes how to restrict the source IP addresses that can access an OBS bucket. The following shows how to deny a client access whose source IP address is with",
 		"doc_type":"perms-cfg",
-		"kw":"Preventing Specific IP Addresses from Accessing a Bucket,Configuration Cases in Typical Permission C",
-		"title":"Preventing Specific IP Addresses from Accessing a Bucket",
+		"kw":"Restricting Access to a Bucket for Specific IP Addresses,Permission Configuration in Typical Scenari",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Restricting Access to a Bucket for Specific IP Addresses",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0042.html",
+		"node_id":"obs_40_0042.xml",
 		"product_code":"obs",
 		"code":"38",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
 		"kw":"Appendix",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Appendix",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0041.html",
+		"node_id":"obs_40_0041.xml",
 		"product_code":"obs",
 		"code":"39",
-		"des":"A policy in JSON format is described as follows:Example:{ \n\"Statement\" : [{\n     \"Sid\": \"ExampleStatementID1\",\n     \"Principal\": \"*\",\n     \"Effect\": \"Allow\",   \n     \"Act",
+		"des":"A bucket policy in JSON format:Example:{ \n\"Statement\" : [{\n     \"Sid\": \"ExampleStatementID1\",\n     \"Principal\": \"*\",\n     \"Effect\": \"Allow\",   \n     \"Action\": [\"ListBucke",
 		"doc_type":"perms-cfg",
 		"kw":"Bucket Policy Parameters,Appendix,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Bucket Policy Parameters",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0043.html",
+		"node_id":"obs_40_0043.xml",
 		"product_code":"obs",
 		"code":"40",
-		"des":"Bucket ACLs are used to control basic read and write access to buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket A",
+		"des":"Bucket ACLs control read and write permissions on buckets. Custom bucket policies can control more actions on buckets. Bucket ACLs are a supplement to bucket policies, bu",
 		"doc_type":"perms-cfg",
-		"kw":"Relationship Between Bucket Policies and Bucket ACLs,Appendix,Permission Configuration Guide",
-		"title":"Relationship Between Bucket Policies and Bucket ACLs",
+		"kw":"Relationship Between Bucket ACLs and Bucket Policies,Appendix,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
+		"title":"Relationship Between Bucket ACLs and Bucket Policies",
 		"githuburl":""
 	},
 	{
 		"uri":"obs_40_0039.html",
+		"node_id":"obs_40_0039.xml",
 		"product_code":"obs",
 		"code":"41",
 		"des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"doc_type":"perms-cfg",
 		"kw":"Change History,Permission Configuration Guide",
+		"search_title":"",
+		"metedata":[
+			{
+				"prodname":"obs",
+				"documenttype":"perms-cfg"
+			}
+		],
 		"title":"Change History",
 		"githuburl":""
 	}
diff --git a/docs/obs/perms-cfg/CLASS.TXT.json b/docs/obs/perms-cfg/CLASS.TXT.json
index 67210c45..5f7be312 100644
--- a/docs/obs/perms-cfg/CLASS.TXT.json
+++ b/docs/obs/perms-cfg/CLASS.TXT.json
@@ -1,8 +1,8 @@
 [
 	{
-		"desc":"By default, OBS resources (buckets and objects) are private. Only resource owners can access their OBS resources. Without authorization, other users cannot access OBS. OB",
+		"desc":"By default, OBS resources (buckets and objects) are private. Only resource owners can access their OBS resources. Other users cannot access such resources without authori",
 		"product_code":"obs",
-		"title":"Introduction to OBS Access Control",
+		"title":"Differences Between OBS Permissions Control Methods",
 		"uri":"obs_40_0001.html",
 		"doc_type":"perms-cfg",
 		"p_code":"",
@@ -11,7 +11,7 @@
 	{
 		"desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"product_code":"obs",
-		"title":"Permission Control Mechanisms",
+		"title":"Permission Control Methods",
 		"uri":"obs_40_0002.html",
 		"doc_type":"perms-cfg",
 		"p_code":"",
@@ -27,7 +27,7 @@
 		"code":"3"
 	},
 	{
-		"desc":"A bucket policy applies to an OBS bucket and objects in the bucket. By leveraging bucket policies, the owner of a bucket can authorize IAM users or other accounts the per",
+		"desc":"A bucket policy applies to an OBS bucket and the objects in the bucket. Bucket policies let a bucket owner grant IAM users or other accounts permissions on the bucket and",
 		"product_code":"obs",
 		"title":"Bucket Policies",
 		"uri":"obs_40_0004.html",
@@ -36,7 +36,7 @@
 		"code":"4"
 	},
 	{
-		"desc":"An ACL is a list that defines grantees and their granted permissions.Bucket and object ACLs are attached to accounts. By default, an ACL is created when a bucket or objec",
+		"desc":"An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular bucket or object.Bucket and object ACLs",
 		"product_code":"obs",
 		"title":"ACLs",
 		"uri":"obs_40_0005.html",
@@ -54,7 +54,7 @@
 		"code":"6"
 	},
 	{
-		"desc":"OBS provides REST APIs that supports authenticated requests and anonymous requests. Anonymous requests are typically used for scenarios that require public access, such a",
+		"desc":"OBS REST APIs support authenticated requests and anonymous requests. Anonymous requests are typically used for public access, such as accessing hosted static websites. In",
 		"product_code":"obs",
 		"title":"Accessing OBS Using Permanent Access Keys",
 		"uri":"obs_40_0007.html",
@@ -63,7 +63,7 @@
 		"code":"7"
 	},
 	{
-		"desc":"OBS can be accessed through temporary access keys and the security token, which can be obtained on IAM. You can assign the temporary access keys (including the security t",
+		"desc":"You can assign temporary security credentials (including an AK, an SK, and a security token) to a third-party application or an IAM user, so that they can access OBS only",
 		"product_code":"obs",
 		"title":"Accessing OBS Using Temporary Access Keys",
 		"uri":"obs_40_0008.html",
@@ -72,7 +72,7 @@
 		"code":"8"
 	},
 	{
-		"desc":"You can use a temporary URL to access OBS and perform operations such as bucket creation or object upload and download. This section describes how to share objects using ",
+		"desc":"You can share a temporary URL to allow other users to access OBS to create buckets and upload and download objects. This section describes how to share a temporary URL to",
 		"product_code":"obs",
 		"title":"Accessing OBS Using a Temporary URL",
 		"uri":"obs_40_0009.html",
@@ -81,7 +81,7 @@
 		"code":"9"
 	},
 	{
-		"desc":"The IAM agency is a function of Identity and Access Management (IAM). In some OBS application scenarios (such as CDN private bucket retrieval and cross-region replication",
+		"desc":"The IAM agency is a function of Identity and Access Management (IAM). In scenarios such as CDN private bucket retrieval and cross-region replication, IAM agencies are req",
 		"product_code":"obs",
 		"title":"Accessing OBS Using an IAM Agency",
 		"uri":"obs_40_0010.html",
@@ -90,21 +90,21 @@
 		"code":"10"
 	},
 	{
-		"desc":"The following typical scenarios are provided to help you better configure OBS permission control.Factors to consider before configuring permission control:Who are granted",
+		"desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
 		"product_code":"obs",
-		"title":"Typical Permission Control Scenarios",
-		"uri":"obs_40_0011.html",
+		"title":"Permission Configuration in Typical Scenarios",
+		"uri":"obs_40_0012.html",
 		"doc_type":"perms-cfg",
 		"p_code":"",
 		"code":"11"
 	},
 	{
-		"desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+		"desc":"The permissions settings for typical scenarios are provided to facilitate permissions management.You need to consider the following factors before configuring permissions",
 		"product_code":"obs",
-		"title":"Configuration Cases in Typical Permission Control Scenarios",
-		"uri":"obs_40_0012.html",
+		"title":"Typical Permissions Scenarios",
+		"uri":"obs_40_0011.html",
 		"doc_type":"perms-cfg",
-		"p_code":"",
+		"p_code":"11",
 		"code":"12"
 	},
 	{
@@ -113,49 +113,49 @@
 		"title":"Granting Permissions to an IAM User Under the Account",
 		"uri":"obs_40_0013.html",
 		"doc_type":"perms-cfg",
-		"p_code":"12",
+		"p_code":"11",
 		"code":"13"
 	},
 	{
-		"desc":"This topic describes how to grant an IAM user the permissions required to create and list buckets. An IAM user with this permission can create buckets. The created bucket",
+		"desc":"This topic describes how to grant an IAM user the permissions to create and list buckets. An IAM user with this permission can create and list buckets. The created bucket",
 		"product_code":"obs",
-		"title":"Granting an IAM User the Permissions Required to List and Create Buckets",
+		"title":"Granting an IAM User the Permissions to Create and List Buckets",
 		"uri":"obs_40_0014.html",
 		"doc_type":"perms-cfg",
 		"p_code":"13",
 		"code":"14"
 	},
 	{
-		"desc":"This topic describes how to grant an IAM user the read and write permissions on an OBS bucket.You are advised to use bucket policies to grant resource-level permissions t",
+		"desc":"This topic describes how to grant an IAM user the read/write permission on an OBS bucket.To grant resource-level permissions to an IAM user, use a bucket policy.After con",
 		"product_code":"obs",
-		"title":"Granting an IAM User the Read and Write Permissions on a Bucket",
+		"title":"Granting an IAM User the Read/Write Permission on a Bucket",
 		"uri":"obs_40_0015.html",
 		"doc_type":"perms-cfg",
 		"p_code":"13",
 		"code":"15"
 	},
 	{
-		"desc":"This topic describes how to grant an IAM user the permissions required to perform specific operations on an OBS bucket. Below describes how to grant the bucket deletion p",
+		"desc":"This topic describes how to grant an IAM user the permissions required to delete a bucket.To grant other permissions, select required actions from Action Name in the buck",
 		"product_code":"obs",
-		"title":"Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket",
+		"title":"Granting an IAM User the Specified Permissions for a Bucket",
 		"uri":"obs_40_0016.html",
 		"doc_type":"perms-cfg",
 		"p_code":"13",
 		"code":"16"
 	},
 	{
-		"desc":"This topic describes how to grant an IAM user the read permission on an object or a set of objects in an OBS bucket.You are advised to use bucket policies to grant resour",
+		"desc":"This topic describes how to grant an IAM user the read permissions on an object or a set of objects in an OBS bucket.To grant resource-level permissions to an IAM user, u",
 		"product_code":"obs",
-		"title":"Granting an IAM User the Read Permission on a Specific Object",
+		"title":"Granting an IAM User the Read Permissions on Specific Objects",
 		"uri":"obs_40_0017.html",
 		"doc_type":"perms-cfg",
 		"p_code":"13",
 		"code":"17"
 	},
 	{
-		"desc":"This topic describes how to grant an IAM user certain permissions on specific objects in a bucket. Below explains how to grant the object download permission.If you need ",
+		"desc":"This topic describes how to grant an IAM user the permissions to download specific objects from a bucket.To grant other permissions, select required actions from Action N",
 		"product_code":"obs",
-		"title":"Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects",
+		"title":"Granting an IAM User the Specific Permissions on Specific Objects",
 		"uri":"obs_40_0018.html",
 		"doc_type":"perms-cfg",
 		"p_code":"13",
@@ -167,11 +167,11 @@
 		"title":"Granting Permissions to Multiple IAM Users or User Groups Under the Account",
 		"uri":"obs_40_0019.html",
 		"doc_type":"perms-cfg",
-		"p_code":"12",
+		"p_code":"11",
 		"code":"19"
 	},
 	{
-		"desc":"This topic describes how to grant multiple IAM users or user groups all permissions on all OBS resources. Users with this permission can perform any OBS operation.IAM cus",
+		"desc":"This topic describes how to grant multiple IAM users or user groups all permissions on all OBS resources. Users with this permission can perform any operations on OBS.Use",
 		"product_code":"obs",
 		"title":"Granting IAM User Groups All Permissions on All OBS Resources",
 		"uri":"obs_40_0020.html",
@@ -180,7 +180,7 @@
 		"code":"20"
 	},
 	{
-		"desc":"This topic describes how to use the OBS-related system roles and policies preset in IAM to grant basic operation permissions on all OBS resources to multiple IAM users or",
+		"desc":"This topic describes how to use OBS system roles and policies preset in IAM to grant basic operation permissions for all OBS resources to multiple IAM users or user group",
 		"product_code":"obs",
 		"title":"Granting IAM User Groups Basic Permissions on All OBS Resources",
 		"uri":"obs_40_0021.html",
@@ -189,27 +189,27 @@
 		"code":"21"
 	},
 	{
-		"desc":"This topic describes how to grant multiple IAM users or user groups specific permissions on all OBS resources.IAM custom policiesAfter the configuration is complete, you ",
+		"desc":"This topic describes how to grant multiple IAM users or user groups specified permissions for all OBS resources.Use an IAM custom policy to configure the permissions.Afte",
 		"product_code":"obs",
-		"title":"Granting IAM User Groups Specified Permissions on All OBS Resources",
+		"title":"Granting IAM User Groups Specific Permissions for All OBS Resources",
 		"uri":"obs_40_0022.html",
 		"doc_type":"perms-cfg",
 		"p_code":"19",
 		"code":"22"
 	},
 	{
-		"desc":"This topic describes how to grant certain operation permissions on specific OBS resources (can be a bucket or an object) to multiple IAM users or user groups.IAM custom p",
+		"desc":"This topic describes how to grant specific operation permissions on specific OBS resources (a bucket or an object) to multiple IAM users or user groups.Use an IAM custom ",
 		"product_code":"obs",
-		"title":"Granting IAM User Groups Specified Permissions on Certain OBS Resources",
+		"title":"Granting IAM User Groups Specific Permissions on Specific OBS Resources",
 		"uri":"obs_40_0023.html",
 		"doc_type":"perms-cfg",
 		"p_code":"19",
 		"code":"23"
 	},
 	{
-		"desc":"This topic describes how to grant certain operation permissions on specific folders in an OBS bucket to multiple IAM users or user groups.IAM custom policiesAfter the con",
+		"desc":"This topic describes how to grant specified permissions for a folder in an OBS bucket to multiple IAM users or user groups.Use an IAM custom policy to configure the permi",
 		"product_code":"obs",
-		"title":"Granting IAM User Groups Specified Permissions on Certain OBS Folders",
+		"title":"Granting IAM User Groups Specific Permissions on a Folder",
 		"uri":"obs_40_0044.html",
 		"doc_type":"perms-cfg",
 		"p_code":"19",
@@ -221,22 +221,22 @@
 		"title":"Granting Permissions to Other Accounts",
 		"uri":"obs_40_0024.html",
 		"doc_type":"perms-cfg",
-		"p_code":"12",
+		"p_code":"11",
 		"code":"25"
 	},
 	{
-		"desc":"This topic describes how to grant other accounts (excluding the IAM users under them) the read and write permissions on OBS buckets. For details about how to grant permis",
+		"desc":"This topic describes how to grant other accounts (excluding the IAM users under them) the read/write permission for OBS buckets. For details about how to grant permission",
 		"product_code":"obs",
-		"title":"Granting an Account the Read and Write Permissions on a Bucket",
+		"title":"Granting Other Accounts the Read/Write Permission for a Bucket",
 		"uri":"obs_40_0025.html",
 		"doc_type":"perms-cfg",
 		"p_code":"25",
 		"code":"26"
 	},
 	{
-		"desc":"This topic describes how to grant other accounts (excluding the IAM users under them) specific operation permissions on OBS buckets. For details about how to grant permis",
+		"desc":"This topic describes how to grant other accounts (excluding the IAM users under them) specific permissions for OBS buckets. For details about how to grant permissions to ",
 		"product_code":"obs",
-		"title":"Granting an Account the Specified Permissions on a Bucket",
+		"title":"Granting Other Accounts the Specified Permissions for a Bucket",
 		"uri":"obs_40_0026.html",
 		"doc_type":"perms-cfg",
 		"p_code":"25",
@@ -245,7 +245,7 @@
 	{
 		"desc":"This topic describes how to grant IAM users the permissions to access OBS buckets and resources in them.The following describes how to grant the permissions to upload and",
 		"product_code":"obs",
-		"title":"Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket",
+		"title":"Granting IAM Users Under an Account the Access to a Bucket and the Resources in It",
 		"uri":"obs_40_0027.html",
 		"doc_type":"perms-cfg",
 		"p_code":"25",
@@ -254,16 +254,16 @@
 	{
 		"desc":"This case describes how to grant other accounts (excluding IAM users under the account) the read permission for an object or a type of objects in an OBS bucket. For detai",
 		"product_code":"obs",
-		"title":"Granting an Account Read Permissions on Certain Objects",
+		"title":"Granting Other Accounts the Read Permission for Certain Objects",
 		"uri":"obs_40_0028.html",
 		"doc_type":"perms-cfg",
 		"p_code":"25",
 		"code":"29"
 	},
 	{
-		"desc":"This case describes how to grant other accounts the specified operation permission on a specified object in an OBS bucket. The following describes how to grant the permis",
+		"desc":"This section describes how to grant other accounts the permissions to download an object from a bucket.To grant other permissions, select required actions from Action Nam",
 		"product_code":"obs",
-		"title":"Granting an Account the Specified Permissions on Certain Objects",
+		"title":"Granting Other Accounts Specific Permissions for Specific Objects",
 		"uri":"obs_40_0029.html",
 		"doc_type":"perms-cfg",
 		"p_code":"25",
@@ -275,22 +275,22 @@
 		"title":"Granting Permissions to Anonymous Users",
 		"uri":"obs_40_0030.html",
 		"doc_type":"perms-cfg",
-		"p_code":"12",
+		"p_code":"11",
 		"code":"31"
 	},
 	{
 		"desc":"If a bucket needs to be accessed by anonymous users, you can configure a bucket policy and bucket ACL to grant the access permission to anonymous users. The following use",
 		"product_code":"obs",
-		"title":"Granting Anonymous Users Public Read Permissions on a Bucket",
+		"title":"Granting Anonymous Users the Public Read Permission for a Bucket",
 		"uri":"obs_40_0031.html",
 		"doc_type":"perms-cfg",
 		"p_code":"31",
 		"code":"32"
 	},
 	{
-		"desc":"If all objects in a folder need to be accessible to anonymous users, you can configure a bucket policy to grant anonymous users the permission to access the folder.The pr",
+		"desc":"If all objects in a folder need to be accessible to anonymous users, you can configure a bucket policy to grant anonymous users the permission to access the folder.After ",
 		"product_code":"obs",
-		"title":"Granting Anonymous Users Public Read Permissions on a Directory",
+		"title":"Granting Anonymous Users the Read Permission for a Directory",
 		"uri":"obs_40_0032.html",
 		"doc_type":"perms-cfg",
 		"p_code":"31",
@@ -299,7 +299,7 @@
 	{
 		"desc":"Enterprise A stores a large volume of map data in OBS, and offers the data for public query. This enterprise sets a read permission for anonymous users, and provides the ",
 		"product_code":"obs",
-		"title":"Granting Anonymous Users Public Read Permissions on Certain Objects",
+		"title":"Granting Anonymous Users the Read Permission for Certain Objects",
 		"uri":"obs_40_0033.html",
 		"doc_type":"perms-cfg",
 		"p_code":"31",
@@ -315,21 +315,21 @@
 		"code":"35"
 	},
 	{
-		"desc":"This case describes how to use temporary access keys (temporary AK/SK and security token) to access OBS in temporary authorization mode.Assume that you want to enable an ",
+		"desc":"This case describes how to use temporary access keys (temporary AK/SK and security token) to access OBS.Assume that you want to enable an IAM user (user name: APPServer) ",
 		"product_code":"obs",
 		"title":"Granting Temporary Access to OBS",
 		"uri":"obs_40_0037.html",
 		"doc_type":"perms-cfg",
-		"p_code":"12",
+		"p_code":"11",
 		"code":"36"
 	},
 	{
 		"desc":"This case describes how to restrict the source IP addresses that can access an OBS bucket. The following shows how to deny a client access whose source IP address is with",
 		"product_code":"obs",
-		"title":"Preventing Specific IP Addresses from Accessing a Bucket",
+		"title":"Restricting Access to a Bucket for Specific IP Addresses",
 		"uri":"obs_40_0036.html",
 		"doc_type":"perms-cfg",
-		"p_code":"12",
+		"p_code":"11",
 		"code":"37"
 	},
 	{
@@ -342,7 +342,7 @@
 		"code":"38"
 	},
 	{
-		"desc":"A policy in JSON format is described as follows:Example:{ \n\"Statement\" : [{\n     \"Sid\": \"ExampleStatementID1\",\n     \"Principal\": \"*\",\n     \"Effect\": \"Allow\",   \n     \"Act",
+		"desc":"A bucket policy in JSON format:Example:{ \n\"Statement\" : [{\n     \"Sid\": \"ExampleStatementID1\",\n     \"Principal\": \"*\",\n     \"Effect\": \"Allow\",   \n     \"Action\": [\"ListBucke",
 		"product_code":"obs",
 		"title":"Bucket Policy Parameters",
 		"uri":"obs_40_0041.html",
@@ -351,9 +351,9 @@
 		"code":"39"
 	},
 	{
-		"desc":"Bucket ACLs are used to control basic read and write access to buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket A",
+		"desc":"Bucket ACLs control read and write permissions on buckets. Custom bucket policies can control more actions on buckets. Bucket ACLs are a supplement to bucket policies, bu",
 		"product_code":"obs",
-		"title":"Relationship Between Bucket Policies and Bucket ACLs",
+		"title":"Relationship Between Bucket ACLs and Bucket Policies",
 		"uri":"obs_40_0043.html",
 		"doc_type":"perms-cfg",
 		"p_code":"38",
diff --git a/docs/obs/perms-cfg/en-us_image_0000001436265909.png b/docs/obs/perms-cfg/en-us_image_0000001436265909.png
deleted file mode 100644
index e6587d493457e158126d747b4cd9260f82b905d4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 39363
zcmd?RXIPV6yDf@z5CH)Nm8OQGg7n^%S3sJ8O7BfNNbk}`CG-|blq%9YNG}qlBnU{6
zPJl=c1Og#}><7Q~t+Us;);W9sIM=m*oF5>;r_6cZbKYglF^GSrqjrV%CM^jG$rTNC
zRecf?GT>*@5^74|H#^Brz;}{M-uh~fNUGrM8^8y0M-^=q5|Y})%LHo*;4_V<y0JG2
z34Pzi*Cm+8XFC#-Y$FX-mFEE#J7+XC953>hh`!UdaWE0)Woo(Y@M)x1aD0=k>+#|~
zUr^BR9Y6o{!ZPO)ws%!us_uWKrHuVzv#9cD`@J$LIdwF-`lCloq%<H<G|BBr(*8R%
zl^-c~@SS_J`*_aX*1W-C{6gDa=RZNm_;~4k_uW7-%mN<2Cd0P~CD%v+X$*?!C4n?j
zo?8`g10Tz}RaJmr>PN&!0>3OGWu~~ehJu$C_&#R5JNoJIa(_H?`lmZ3BDxA%EEm_*
zPj`mmd+#R7Gg*Y}e;c!V<E3TGx$Y+P_tp)8=79YbPlUoTOG-={NH`&I)B5j=j!1EK
zpOQhB{yte>C^;nt1r1ls0Q1ra{~b?Ia?EAcSh>A+vFjH8X@5sEp;@&4<m~k5J<p=!
zC(i%4F=;O~X|Mj-zu#t9j(mOhN95n@eXh&BUR8HWNwQ0&_`k;U1g+$?(vKdIT6{jh
zB9ajJcM>3p{{QEBr_lcEnrm77>VO&U|H)8YUh0XmUK>oWMVoLmdn|UMCk%9Bx=zcx
zXva%+8TfSbE3{<rHGB0ABebj*0oE;R8K%8e=4~q{9l^)33`zuH#l2(KuyEjMj`a^U
zS-@OMoSlS&A<uc=sTgm#465PvxVF?clKnqF3)5TMs8l42>jf-3<q6x4N)Ot*EQzO6
zB5##KPCV`5@W;a1&(1Q#ahZ7;{0+w~o}KyO=eS<{*)l^oTYkVwe2w$3FP@tdWrK5W
zwu^xb?U`x(xzb*D&czrf@k5s9q9Mog{^_ke8YvTbUqO0HN}UN@N{S0dIz1r&gz%$s
z%NKE6;e>t9Kck-pnatns$e;cxT&^abR`=oex)z=M%UpP9%Rbzasv1xI1lMBORCw6P
z6!SdnbQ~HRh*@uxGv?Q1sY5>OI2^0-+xa~>2TXZWCoi9$@lWW%55E0}Vm-*D+mCy}
z9CG&!9#6M=J7$U4K5>1ikC;b2VVCygp7UP}HP7JB^<N156`nnkhjYvi<n26uP~9%-
zI{#GyyeE*C%|8)rRu}(>cz$ME&?DM@Twe9{i){W;6V=c<GX=Yxp8zklnbf>*0^q$3
zAK=~F3mtNY8{>SG35oIt>gAzK*zFnS{NUYIHnXs!Uxxcfi-eKI{*PXG?2h$NhTw7x
zs|9t}$v2_i#q*uT0bJeAB#oKVg7~Y^k7x{(DDRFTU=R#<)xaNyqIMEF<eDHYW<Edv
z@gf?rYTJ)a`Z?dzWTAG|NHap%XPRG^bf058j`$rTx7%`8M{|pZJ8Y}6xi`;$;RaEZ
zu0+VFhFkt{^zrf@@q7>Yb+;40i{6KE#cAhAUSpzYY6UhEdMSz_wr%(8gAnYDqgRN_
zUbzB{r&>UdWGhF;+d)fuESPet*QL7S`Z+pIso%b;^K=uvp5yVdnkHk2kG7rFnP;~Z
zl^>wsneb*G#LyRe<vr?D=zK-UroPG0GE|}yHtW%);Qqigs?X0NXrp+v+On%9&nE;S
zzWV4EmYohGwM&Oj%+1D6r?&*w1RZVGxXm^NXsf3bi9Igmqb09U!u`;-A$iKU_?yEz
zGB8ph^1Ey6(WGf#Z_H)e(QGJ|frw`Kb;M-E7_yG~#CZ5x4MGyFNQT?!I@|H+`|7*3
za@f>lplMv7T%*Z2B1=in&KC8;`3CjU4K?AM$WN|IBbKpFg}P(PR!}U@wMZwdR1Uu|
zF@;Cd<|9I$e2N_H)*+M<F$vbpo@AnM2C1{C)2csHf92k?9NT+(4|It<&OZK;pLwn+
zTm<!ID<Yb&>mgVv{`S_#GJU_r4S8MfW-h`Kl}O+qbf_aPF(%k?_%fNI5gR?HoW+gV
zGo4)dYn*4EdMEXlQhQfM+8)@pT}O%LJU>b+*32Bhz<lK#hO@G!wew^f=Nt8bc)I1|
zT%gR2{i(+F%_KteVJoP@va3_H*v$D!YNVnwWlL(O&9`^xY1_naUUOGUaP*gs>k*2#
zV9De)0-?8G4IJW7P#E7Dqj>oKH`dyh5lcyJ$K>qZDEO5w{QRDcu!is>s}6?|NI)~h
zt*J53q%M@jhzP_sb{7&hUUgKcr`DzhONOB7b-Dez>b^LJ#J%^ScUn-PNoMxU6tZ}W
zFx;9KM-&wUc-H2;X<;h%$}MNkOcVbFU{`P3J_Vm>G9@*A^ZFQT1#GT;jVFh;Rs>+{
zF(E92nJ6aJ4!*yh==3zN6#_Y$d64IH;YK`Gd|`F$n6&6o-F1jdRs7bE*+8_qbogrU
zvZ1XKEj|dX6XwrH%U;cD86si<RftDCKqa~)ntYxRNd8^s;|AoD{PD7Q(w><Hr*WI5
zseCMMMm2&v)9N~TIe8fQduCp(x0eJi9Rh2V1Fmp9$L1<prRD4ojns=wZs3^AbbG(}
z-EY*y(P4KIW5?IDxS$%b#ILX)R}|HKPpE?xyq~J8XzVumxO8<wtF&XUeA26or>zSV
z>0^Y_@pQ(1`>HYV>W&X!YeTZ*1`8&}T{bbH9ytjHHy&EE$Muc~@YcE!^XhuCXHnSg
zvg>hM+&n_!wf8l{On@MsFMY$|;Ub$mR8flV^p%%Uhj%!8m($)S^vd?N<=<0X)XiEs
z9ExVOGVC5RsK+p!=qc99D+brAuh^n0s6!WWnHNku@3o_U9iTThE0^~ZS>xmu@^5vT
zG%Mr||8gx-T_zrmx>z4>@AaPT!4vzOa)vwYTr~A(>$sXbWaPB)4(8L|Cq`N4JE!P_
z_7`4@#wb>o=9tV*iy6_KSM2%ob(P7M4-@gZNi`i9xSR;h+VuEp;#R6l+!XmHyT^LD
zJ!XAmIWe4ITY<YXV`q_%{-=^b<-8OcW}-c8bet>Wz2X>i1O%kE+R0>>c$3OZ%P<*9
z4rFfX$p}<QNe5Nt#8PEC`Q!B*qZOw!t+C<eA9$<7Es$b6gN1i!J=dH7ck<fTz`c&+
z6;J03evK59sf~Ej2ugo1C(4xHU#3#71ksr2EC1klMfy0hy)FeJA)=%rvNKt)`}}DP
z?-g=TBk2m(oo~^OM<brJk$PLHhbChD%_TCMTR{+9$l1}9$TKJ10_CK~-O$+V{LBT-
z-)gk}JN1oHJE4}KI~>|92Qljo6Ksrg#XH`v(obk$$vbtSkgIyP#$FaEi>er~fE^)x
zLY0{qWo7}=XHA-<ePLGvGRo5VlR%80iMk%aA_RuSuB+!#$DK^)D?gm9XPOkOdkMdm
ziRh*BWg>pqbeTBEG))xR4Y}7o!&I{;?FlkN_u`jz-8rwFJBAKKL%~5x^2fM3w8v?}
zd*pdF8E+hM%^Yc4+0(0C+7*|^FT6-Rnf$p--2an?R@#%3B=n*E`_@C_dZ`xO=!vs<
z-u|6@O#dyf{G5`o8>tKf$syZ{KH`L+IhfZiu11hhJCrE7JdP#?WAj?T(FjnF3=QX*
zgF2@{Hyjny1-c5Vu!ljAvd$Bqjj}R*i!k3CRSwjbl!6ZbOcN4{B5#s4!9+heo`J~8
z@xw!}K@GW&Pjj`hMR_QR;;gneXSsV;C1!8m{`e%iC~YgIDB3P*D;9BSe42AF?)bQe
zimTt=m}(a3VJam8RFJIV3M&s~N5V`lkEXC3IxtgAs*rTcvLVKOUiqa6PO#OulVZ}i
zJ&#XMx2hBUS7=6WsChnnp!aIeuO;e7yS;uv(oP}CZcRzsjCjv&ZV%mpq`X9{((Q)<
zK|;f+v?}5e*D+I=&YK!6pGCNrAo78)+nMv6qv~e)ULlkg(%Rs;(8~{7xOX3$#*>C}
zP?OH^j(k@CI_Q~+8@T21LF0ZrMGx=RTEL`9$;*P85c~p~cvD<rj__m%FY6~iNln00
z@eZ_M;!I)_8$nD?oy1Q2&dzaE^bQq$oMlr*+^Y5D&C?gr=-s*mkz}@$o&qBz8a{Sq
zxywaE)*`!kv%w@Ljh}JVz|?c~Bwl*>tD?&c)?<JuLV)#*_kPL4_bq2Q9S>)*PKgoT
z+b<KRiNDYxLzc3Sh?boBEU8yc%|hDjb+ztiW%lzepQH>kH86V`Aiw4LlfJ5QEEy*x
za_4j_1ZzJ-eyioVq3*wCoZogNfZzy^b((zgS~-C%o(7e;_Su|UnGao>@x~?g)@2a8
z+4~T8UTp{qg5#1BM(^<tKaGOcf!U`l>RJKXy*;uT;>HZK%csSQv_EJyo?<(INL-+^
zH>_o)9%n=<7dDLZswxJGjEF%XLLjH7xNp62w2yijxyaHoN*BW`^T9(<PdT`09AXkr
zItv=L;R4>C^odNUZ>LgkNdawfP!~^%dHsO~9LPoPN4^Q{$wsiI;LO<wR`0v!EUG1m
z4YY0g6r^#d1v&S!AgNMMJ@oqEvs4uWF>Hd)gt*(FrC}gYS?a!Yi&v3T@oyRhy*eK-
z7rA``ox|Gr683n*t~c!}u}t-y8VRYhQ2%jCQMKs~A|4CUP-&+QGQ~`&MJ!v_XAG36
zdo+RQ!(~oJJV#cAY{q(RCaeh6yJ0f&L|mQc!rN?-<bcz058DE?)Z+zOC8wFVtAZL=
z8n1W=%`j$aNMD~(y?w;IJiVWGzsQ6n66ad?bV>Ue!aS&oqDGO_FLLj&L4b*bNj=in
znV`>zka@br?Fm?h8)wC3Ao|RsAgKw~9&)|R`g_K6JWz8xZyl=MzNIzB67AQ6<FeZo
zcs-Te)@>h8>Yuz}HzZ4~tpAKOQah40k}lG7U4!P55ubm4J+ifM7%3)K$8kQX|3Gi)
z;ihkTsm#?;Mv}Eu)=ABex#vU@35FR(+C!10T}KPW)|HN*525zdMKgZEi-wg*{mWYy
zadPR&$NWV_)Cc0y@Ci`LD^Z5KX6{TqWzpxNsN#VL*mDWxs9iDG6wqE~WBUBB7b%V;
zxMv;Mhn(RcZp%ZBvwc#gez0`~;<1_~L$#n0Gnt<==T}j^fO7j=<ixJ<qxx~C7~+wF
z5G*v{<SgbFuSRA&L1UYFzpE|$(OflAcj)z&AN2f?8*DDAw=~CiVxXy915V>FvXawK
zQA7#w)K(<kEN)ONQjPcsy+y^L!Ez$6r<v?5Aq(M0->^|Q99ok2K?jv<n)>Z%nga4w
zDIf`}F!-qTDUdNjRGWlai-r`}MM8cRFlU6oB{BbG<NTXsk>rrCqwUdri|EI?%H4;D
zUCjJ5owWD(OAGCTXc-$h$Zs6FaM!rH$TdPLxp`;>G_4kZ2G8@N9g|!CP{^S;%WV}1
zBpak3wO<@P$4%l@^Cm8pFDl$w8WN%vIoxr|?|d<kZkh05X>g`ten>xl748|l0NDLe
z4n}lGo8?v50T6-uA@tbP5*=41iSmM`+Y$yE8kbN>MUmZ#37QhrAVw!+upq}`U^wVq
zMa~BIC7w&xinN$tztw;ufU0i+d`6;9`D#zezYmNih6M$k%zpBKt^XrF|H-naJweVE
zeWq)x=&C_S4|8}#zGj}yUqjbOBOYqQWh|x9M|4|S&1xCVhWuu5mVR~fpHdVNWouxg
z4XYe?fR#KAoH+0l)WbaX)Dc#+>3_=>;H~ZHej*@f((tFj3gSfIqJtYe75%*bsZS)H
zl!j_cvu~~uLA47^EMQo0ku}6!x=UQbF3$|3r76K_w&hb%viR8eV%Z<T9OJy^ik40t
z7bfC>PVAbm2H>xcG!xX<4VE$lj~9YH=-v%6Q7|6<ROO~<o9SgvKdI%j`pyetiF~#T
z!km_s=D+Ka>Y?Xwbz+6C+jfXM-5z}f_{okrCS=)3mE2@Q;c5}uXlz?v{zkmwwRT=B
zK1SQH-II(n1PMeaoyU*`a+nlQBza11=+;p^3BIfnViC+tA)K%-aLA#tRWhn{o5E}9
zY;-@*2}CuatOo=v=_!!)jIZ9G2R$4%p6t}}#u?EC+u?k6SAE8{_#|!@j79_wZ(p+>
z>y;>#P%7}=KdCm1rE+{oO)NBh0`u~@U*cn5(4G4JkB9O~3N|K;Vf(VKX+fcAJbfeW
zp@FpLVL;34F;p$Hgs#>7V0_sk)f5#?U-M$vEoPF~d%3o7J>zjHxZ!55)@`Sy6YmO|
z$?*VZmKMr-fBcpP%b#Jb-V}4b7?=F+{F{;DU{D<HPeZOQOAD|1hq{r(tjw)^@+kY+
zO-&vR{rb&1)!Vm8mUQf$-*tzx^1kAIgN)1Vj*?5-sPepy8BL4*_@?QMT&%&I*GgNR
z{}ni8QhP}kb9YihS@k2y<TpPWt!Y-$7#8YAM>%`ySPj3=66!H)b+aRPgbT7MXZdP?
ze>Es*sAdrlQ}a)I@hiLXTg4^ClOmeP?8LT%vOqo4z4At63aovD{&iURkloY>eo5Y|
z^B^k@TumNPk?H+iL}TynvV?!nj4mzBHJJGAR*ghd<xv-N9d$#d`z$lpgQu7~v=X%U
zMo~h26XK)MaZCBXDRx)I@?l_oB%=!l82TaHm}`qd_fEm}JC%vy=qJLuZmKVboRQ%U
z7Bx<WM_gUWBz8mtF$pp)$F`ZZnbK==*l(dWi-VIdVy$wJLyZtpXSkq>(pjjqe`C^U
zN{fillt*u%t(gg*v?HiEgrP<!RtDx8<#v#1J>Y##eK^BVBBC^I%-3jEW*~|wIjZ9d
zd1(X=Y;CHa)jX-#4>LA|44^XCj4}bpX!Af-W%D8Esd!Jp%jkZ7igH;zV><>h{ds<c
zk|h4NKM^zX38<N-MD#|D6WaQG*5QiRGk=rsI&W?NlcJ`t%taw<l6s<-V|T!(p@01M
zs&$JQK8~Mdxg~lFz8N45=MV9baAy#C*`jKvZWMsa$-@8l5v_kgZvPt);Qt*8`~TOC
z5-Y1e80pzBTQBNq)@PmxPO0ci&fAogK6gDGKewKT&e=E})U7Ge)5nzvRGD47a8%Mw
zuTfA>$~}!4@%P2~`g+&JO(6BIIE+eq`J+umURwRTgJDa8Bc>^JPS-URiVFm+8pJ)4
zzvje8PQ0z-3ed!46uCma>Fbv9U%n1pR<!Fk0HSr7tf0|VIC?I9fdCF?yRCjtw%(m<
zO}{Ns`QP3%dC_N`cSn%*X-mzsTp%GApiYhFa_`{8@0XP(FSJ=MP^sN^47>(FBL*kH
zIg)NBE$63O$WzR90VBq$_Jcus3Ialj*d8A_82(=dZ1i`)rkOmn_ug7Gxf-{i@`HOP
zD@~D}f-|biC;LdRRya@#>Tz3Vi#zGt4<GB~N?&!MaBp3^&P?HJHp9?f9H^-;IdWmg
zG>Z2b>w^0JTL-GQ<w5|^5`8pf8K)R}+J7_d5*cN5o}51bzs2|N&bJ{&3Eu|OAN0-p
zFLGplDp>{qfh!D(CssyZeVlT^wYIS9DVLJ?<?-9~UZKI*?XnMUxC8U%hw=n;pI3*I
zWg@4-O<t`mM)ywKdX|}1uCxfRpp|8Q;CgnJQ4Mj*%v;-6W})u_)OK&%Y4ThQJ^tqK
z+?mN<2@MSJKb<LH0%=yCuN-2Ic^pR{qsA2~E@0BYe}UA>qr1th0sK(J>Er~N*!NK-
zYDE+%UpeIb`itJ&q-1P?$_E}a^e+KU@d}%Ssuc*^52j@a3_~Q!MJ4;~7Xy$9<JfdB
zp?376IZ6$(_#RV_j%zMl06uels;?>8nI&uBD=?^e=R4v7=%to+i1L3i<SN-en%=Bs
zZN5$g%FoU&S~Iz0{PA9*|DSs_{wErwEo7Dt^iB@Pb^8GD)kZo0pOyU!2nwgc7!ZnH
z>KU8}S1C}wt-<}#QDIn(=>oak>@2anYpN*{eokmvINF+mk@L-l+~=YFFr;G(4b;6Q
z>H4;Ba}8L`IYkv`*f!y%^Ydjiwxf7l&ZMMEQbH?FxXkDG4NG91cYLM`J=hRFP8E7u
z>ia~dygCAY|C)VIL2>Y4ew$-7@_}Epn^H)VPmnIl#RME3Ab%JM9<xn?I(J)mU+LCq
z{8OnKfir#x!0w?Um#k&h@45Izr|~DHjZVb#s`=PB<lU38!n<xQ1n(tmX$Fi)ucL%8
zpnG~&`L{gUMI_}`&h-DJ_V`VZ1A|2*J>ou&>cY37XWyU85KiW}V#<l0_C}Zy|6+_^
zQH4o^fczXqJn5x^_(!nIC?t5+ok6J$&DAFqzOTDKm&hd{nL8c&+2<UbR>~P%pvfEq
z@1z9p$TFt>)<E(NEZ;CFiIcL-(a+lZa4|<4-Hg!0Fcuxxd9L0vgWI{%H*{R5nf=T~
z%6t|k2hSZ9FT<|8-p`v<pE+LT>id!55<0bK`5@0icP5xP>={xV9|<wdlu{ThXnof7
zB*F^1)X{h|=6Eq&X_9=jf-mt%8>*;4$06I$FmqMEfFy+m!f<t!nc#Sw9{S@r_~YaX
zfFv^jtHxZ5ML(PtD61i4&MbA~6RQ7V3AJwZr2yx>Wc1J3y%;(C;Z{TUg6gLtkp1}A
zvLe;n6bHdlyVO#a;kKoeSVz+WW#eW$`{~XggOJddX10H)m)>!<_+I7Y{8N4JX?U>O
z^vND4bz4=Sg6mnEbup&-CH;pJQFgq8=0?L4TKpr?dYqEHiEKx{O#!#BcR`Kaj}$gf
zkA-#_df*5HwH(iv|8^*e|Jh^Z?tE>Q7BOh(bLY)M64F4<uBXD5liSn)GHAB~mfQUd
zht3-^B~Mud3(|2Z%43DB<m9i#E7A_*M;|kMQ@l2;mdevK^m<qmN`5L=bS8UoDr8e=
z@p+r-obDd*kmdBtnXzrB*vnMS+u-=VHjnme56@AHv5SOLXrHFghj{<oZ0z)7vOb|O
zEXK&at5J8l)m_sp-`=5v2y3BhWSOgU7u=Wrict=5T7B=Oz?w_6{4#5GQ|0%ALRgF*
z0{nK|y=DFDBgSTraX8!3!@Rc7U*XAp`3%gkPBRWg<Wqgg%ABW)dQ0sJxbGj)Kiaqk
ztl@m91Wef3uc?<V*-e!TY^U>+Qu$Mtg<6CkdV6l=OS>Ur-S)p)-9!=Rx|Ev5^<M3q
zI_>0g&2$QZ9dAsApX<VfuB<NRV0GFl$AmF-fgzqDiB4I+Q`7o8MZ8{D7%$&^`eQ`O
zawKuq@s_L0&rD0$vCPR&7*eG5aD{ktJrw)G_m;xT`-73+^7&2AZ9H9Lz5k4OXqIw?
zc?1f~STkK>diQv|^GYdwgV}q0VsxRU$H{pWF~3hx=?`CDS*Tj?C#lZ(q3zHbo~tun
z!nv|O0=aX6!rQHmPuROK%|bB9`zRsAd!#Oh!qsDB_xI|R13E4?1w7u@E)u`#GnkC5
z<+a1(grePu!gtv5elBy+)L@3VGejt7roANt*d?AStIPg(Srlx=Pn%_8_^X5-cL1-<
z$836ChJsY@ugr+opeu8~N_CZ=vW$riBU0b)e%-37aWWW6)V!QRn{V>GeC8@p;j1WU
zka8p@FB-<e5^k|Jdjn@N`PhlO&I;35-zjre7wP<vgCCo(+o_zNRCQo~pY(&6sARp$
zY0}QRp|^Q*__r6^#V8*c@M(cnejVTzqfI?pWGLTgg`@NFy^#o1zmuB(cH$6*OxEG#
zv$GXkbjsXUd%DiXoZY?rNyJ({2SH1VUi~IDw}CeU>DM8l4gp>vS5#|h+)J{@=Ot4!
z{cpI_j{CxdL!JP2fQeMPYe9D{&!3%OjGG8Q%1mAaT|0dk>#cA+F7%if%=H!(7dYPP
zm{lSR?Kt)_Ti?Hw7^5Mi{T3tK@iO6&%apDQDmO5n^U!Y29U`SYbiJxI_;mhSH3fvZ
z))J%uN-qn%8li+qCT~AKDF5Z_a4gdm)`Vyr2uqeuUfP~->5%PEd-{)Y%`|h2)!8bR
ztad(Z=FlX*7yRCWmQQjwL4x7K;-MoMaxo;Kx2l{Mc4XkvgFY`+Oo%vx5AlX{?PT<?
ze1|>g%OD>5OiTSivYm)&jr4T(K>OX2$kTq2qEGvO&;N>E{mx|=Q|K+#fAea})eL*3
zWBL>B-M-yhB?Gt$y`-<)dVh50HcIQgDjn4HGauk1lpfQnTn%LjI~%h6)+JV=Q%xB(
z=UZG9NCT<!cQ&x*NIc|XjQU0pt>mF4e?6B6pQL20SqO&BizE$GIk)pBX;zPmM=EAm
z-vUvKs8`IbDc%Lj5nw+)Wob!;n`3gS+HP+fVb1dKmF1HC*5{(_!Do|3F7;kBo8yxz
z%j}+=n4xFCXAk*<&+HHnVx}rew@rQ^a%eHH6-JZu&u;7wds|O0-S#qeei*RWHtD7y
z_(^?e@+r%~Eb658N>xXLYhv2FI;&bfS`{%Bah2c;lal)H>AEhkf=6cAn$BJY_y#HJ
zNuLZ7JPB<(zf^6u7Uh|BDrPzMu%$O+8g_a;HAPiw5T3@K;hwz&=Mj=0<e1&y?Luim
z-m9*T-yN5~JC@sO3}y4HI|ddgYm@1!9_STqiU6gIqxx<BJD#!)Zo00M`-CKG5i8r9
zDhAF$$%F3^i669;pD0Py$%3s?eHrCzwIl;HfpJ+-T?uITIy@}30KUZE$S|Cm2ldh#
zqKa&HINR`r4CLAD#?}iU$L2T0n*JkgL}0qYHokbS?VU5e6tdtf^<ob{wR}j;dbT<B
z3*$R-&F~u*Kk?8jPB8&>x|C~&F#Y{R@((;?vI@E#Sd4}orI|m#1=hzzXE;1($p`ma
zuJhD55?cq14He@@cD?=1T!~}vg~}w$pMFzaK71s+kbINEVvpd#+_%3r+vOoDzB4=B
z&j;nVL+Qp?4>V`<+r?sf&ftq3H;;2n-iixJX}x;++%025U!7$Po0SM;qP*gGQjTON
zPStQKuE$?EUtr0?W77aISHMdx8~aCd{o#jk>L%XA@WvWCw{EA-WTto9vH>6mzwA0I
zf%Lj_3UZ6%MPCnd30f9xdeeFoXV~hnyPvAYV2Q86atM%gt-(AaozkTf>~jG-N58_z
zW_rC!bTyhflu*&Y+1|m7y)zGOrMVIg1DVt<&<Ll1fb2`{Q6twUe>6&me6Qa>T~YX{
z8$lkkBc`hmPdc?(DYX#t8;f`gG#3I`)lWYV`x0%NyM;-4aXJHh%^Yt>LJs14Kb5`L
zE!TS+dgtYit7XC?2kBdLsY&d49g6IxEoEO9IJ(%FU8Mgo^msN2FD5g*d>*IGQdHmm
zL}k<K?>hNG=|tyU3blsp3J_MdJa^I!4e_@ar#TjVg%>^*`@NBKZ`cX5o<?uVzN*$i
zBMf}9B&~-}AbHs|k{d0M-+A@tj`;zn4T`ig%1KiIggQ(2jy$Sq=XgF4kv+ftHYH7a
ztE3nAotO3=W9eO4)XFD3C!K*sVC8SRg#HA~Kj^dHEru&wWTt-KIxpukg9D*C9tpZ5
zHot#+7)B30Y;E{@?&`F2TILIHmHbTev0iRy$E-~Td-Xd!M^IemPEGjIF5V^y@l}IX
z{mo|;>-;7r3at0)C~5`&=^1hW?+DF?i)g?~VSl5W0goTOqNh0JUc;W_99+|aW>$#p
zD0KYOH8~q-gt?*4X=kgR=A9&9Ew(qDDb;S^&q*qfC!6LXm*U5(a+u`qr)mkeAAdSV
z%Ib5)fI+ksQNDHV>xFiyaSc0_;R>K#WY4}OEbOY>xsz+I-)ia$uMS>XXNUjj1rbRp
zx-8TuY`oUo(ko?Z;zFMSsda;K2Ze|gbK6Mq0X?#wybw~+Nfl)^VVE~A8|t9k=*+^u
zp&==69UI2f;IHcsaiK_PU#FMEByxzz(lgUp9K}6A5FFIfE>g%fxSFKi$0SgaK$3Wo
z_i*6qy~iMWaos{@Ay~E-=uLGK`<{<ZmfyFvE(X+DU*Nuz`q^G<*T3rv$K&|W(k5;>
zkET(lZ20j^DTkMvef1GwPg%cI{(9)RMW{lUWPqjoNc^#`T6jKbdd5!j--Y@7_V<!h
zkskl0A7O%Pt5uIhq)UZJCFtdUyoFqHrdDTZvXqvkoW=3c72|X{6gj~oi)>^^p}K^9
zeCf^oiMtS)wfvyx8EmU@_3@-Xl!NM+V)*XwY#d{cbrnqNj_^)`v$D1JmRj!WufcE=
zW*rW>tH+r-h)Mp>GeF==;KxTa`#9fzTWGs^WAX2Lt2f%b_qXc^d_OU-#ZvSH$mpiB
zjh<2=0KLL6CnonN&%GRn+6e=o1o}r4bG@wXKcDk-nJ7Ez8V_!;Pu!EgNEZL4cNGJA
zemyLihtmSEs{h-!K$?NjD3B3!vD#iaE!^>yVx}m&`ro#eBdRLSs{f_4`*(|c@fxos
zBV1y8vCMxNf<O*2<k{Mnq_2q=7(y!FW9e6QR!;Zurd3fzu3s;pgz3Z5GtH<cn%?Px
z;Ud!Pkh+%FFVyE@|6jvJW5&)vhh{xiq+z|c(2*`OvV}n?F+fAH#`fyy(`T;%)Z&7d
z602AEBqm$T@#TOYIN_F5Y?(pnfSb>A$BMgKJI#yqni&FRba^te2MWJTm0)>ZU|Ed3
zKUQKo2OwizS<+l<oU(YY)P2z>v&s3n8g+&Q+B+j(R+-%x0O~oQZ+&qCBXqKCH9Nvc
z?GEsTIOBY`CciCLcb?uq|HDf-@pCNjJpA)hIP~<eChY8VFbkd>4o#3YsAf>)+H1$?
z*njq3^wyQ}+cu&TRm82P4rXBkiD$=1U!Q~3AA?y{wEzJIy;)uzOGZWie89)-ydLKG
z@h3^S*ktlIkxITdAhvMeu%L}lKbE{#HmL{;`OB$cTb(SwyVqI>{Z;4oD;PZJGa#D+
zHjBa`9(mXoa7zH^4jV)7xK{U(u(%7zWBEyK*ks^JfBaxp_|M-A>K=V~lys5MK7qkq
zE$q#$o-lOb*i8JR^H9kZtq#SL3N#tiXFYgV13+=U;Jpz9fvI28>t>hpygp!{jSETq
zK2wgxcNYyRcTDd>^T6#WuzR(uX~%87Ki_fkw}531*fmC|`_Mj}L&s7c;IO@upbzPJ
z%@?a0x$MLDwk_G9M2qG!>%$LQ-H{ZRZ44qBT>zfO+CNvwhPqBx-q${hO70ACMC5Y}
ze7M033qM(o+t<uH06>W7pM`3${cTN)bIsf?p)SJfIpTbqKTIy!$@D{Co&C^?FcMd%
z==0|pJ0f!(KvP(bLwloXtN~g=@etnyd@;LFXRpb=Q17VgJL{CSCPVMUB||x}@GPL~
zqO0|76EA0zd2J`(G~49%e(Sqj0NSeY24xH~1O7r5PFK(6n&{ns8o<!b7b&+(&H!|Z
zoQBv$IR~eX51L!r(oekChiN?8_n)wd*r;X!0GOH3Ui|V6F^7KdbOqLJve`9-I>n|g
zTNt>dv(7tVvMN!&>Su%d0vYNiyC#-zXLj{RYWdcZJjP<|Yb$*c*z)V-4Mgy&QIT!`
zsSH8@7BnNdcNd?phrOW!NkmYN%OEU6_W#MvfSuPYwlh>QWBtFqyXIw5d7Lz<1T?`d
zbh8>$zk>HVSevB)!eWb(077_HeM%82UDBxN-EJ6rZ?6;YE*(Y)FjJxkVJKRg4#T!P
z97j2s<=ne>&(z~Oeh9xBWY4K6)L8Ya&Nk@<b_NNQu@e5fb1jPCAp#EbKy#w=W&I$W
z6*<;m0@d~$&W5^qhn>LHQKau#g{nBK>%4V$xTl<D726%mt`EJwQi}X0I~M4%GgpK7
z;3xyWG(L`lyX@rFxHa{NPwrnZDogE^<Qh9OF^hpA?gx9>fm^sr_3GJE`AON%ZA+|N
zvTyNCq0R?v4q;%&Q~K|=900Y@D>v@Q`>b^9z0<}`lD>`U=A&EPwI5pzvGqA!u|tZN
zJJNwTM$-BG<dLSOdK?26xNn0hO(;oM=}esR5+MK`lkvrk#*A7Xr@wj`Q`x-m4vAx0
z(frVV8^8ALAmnzcCpW%Wn|tJIz)1UZ%t2uftAJ%dh)BV<nrvIX_;6UA+m{zO8?9G&
zdcpvZ^MThq9R{g$P2l7XZ;PfS#C{01-)W%S`&t08uin=l-jqGB)|7hIqdlwb?}+Pp
z;PQS1Uuyn9TXmY17Fh?oLFY|3&4~fRD;^Otj0jOj37pj=kz8#k+KS}52PZ>8xE{k_
z1S!!mQ+rz6fOqQFxPwJ5Q90*rU96_b9vQnEjKFDYts>aoL}_-NfVQPOe{Cj1pBs+N
z0mUPeIwq4N1=o3MpKdK>dCI43ht(-HD&E!NqqZ@3joJ}Q=oS{*(FI6luYMM^RFji5
zE|6`N8dJa^2$8y}Yp_V}IBO=(*jCE1#$?jeIt2Tcqujlpw(Leq6x*!Yby)*=ThlUQ
zG7Ne_=Ha#!{(Fnb)`)GF^gyoVdYNx!21iu;wqlg6HpvkH%EChLzFBFnSumM$=G<C3
zE8a`k#@U!uB6zD?!N7SbXK69$UfyM}VN;ow3#xO{kzyEH<p{rmPj%m(kd?9u4hb7`
zyc52ig3V=CEL_SukU`a_%zMNRb!Hm-&-h!MD`c8C2hP~@@0`i6H^*%I-<e&>I_Q9c
z|2YNDqm$m2*k*l`<u|)!_Q3USUZ&3#5S{n73rC_)-hSvXN;veoX<MvI9%5ktNS`E@
z>>)DyG5xIcmOddp82dg}UF`eJH<4|8A-FeOoF$mz$4kkbcH`zgohS85DY&(I%T99S
z%$r;xp)f{cD$8}c%+Q~Ah&=GcG=6mP(7}egzyZD|7&Vl7RG+sUmL>>=ot~^vS}u^Q
z(bb2M>P}`astxF+5QOpl439Z4T~jK#SM#(ECUd3KDw-?UqSS;zm<uDuH8`2GKs6ZF
zFc^#3V=jML`EC|Pb*&NZ>oTQg5ynBTX%<eHuJ7Egwe2!um_>cnil>IX*^=V<Hshj@
z=vx$u^z}QNIdk0+O9@vZXiqs=U<tQJhJ1~-6oeU|^V>4RmWH@xpU^vbeSn`;=(gZg
zOHQHe&D&uS$HSdobYmej)iV~AN9)Dj-|=ocCW3O5fw<6RBS$5<io1EGfLDP*m?duC
zMPkP5P?BBe(YBbiOv?e>XFcU}HWVTh``h{Q-d#7TaQT1{>=4{3Y@w*qJ7vE4FncN2
zq4d|O#d>i0wwzGcLQwdFgCR`wBuYd{Xbi=p0pkr9FpAwP**^A2v7~~1@cOQ6+v0jg
zgV%oaXyghk6LH<7Ep}Y-*bk_O$xdpQFDGqk?phs04X{2uQ1T4<R3uaj3Ju)<Hr!55
z#WH}2ftss@;kGk{kOtRY-Jjb~dHQHtZ89&D$b|AZ?d8KQQ@!1MMM@p{5B9DEhX&6J
zKCy(93zwbm15cFNvd-$7<5`VM<oZoeTyIY0TBo`bUeOc$ROQLbb2EDsa?Z0f5jhmL
zPu6>}opCs3Y(%Jo1(t_c_(C!_94av6*>q2>(t8At=tL2|)@2C=w~zTv#}R_Y@Jk_#
z>YfklXLaHqVNdomZzhQ|OmS{m$#0c6LUC?)cU;cT(9JKcQk1xyEUJhmd$+s7YUa1S
zoZYg{v``J(Vz5TU(PQR>i3*UQCDx*D?{*spT9%`<?yt}G5nQ+I5MJkOt82$GNA?JX
zp%UMkL?H6k9c*!LEXzgg<D6#Bbf=zhBAwp#ifEvsaa%IS#vf1*{Y_$z)4<{90cePm
zK&nzHE--aF_^F8;Uj=mIgXXxA$IP+lA{6I)x6M@_;qgyc;Q9KZM+%g6LjklgT_X?6
zH2HF<_*v!N)=;V?m3G}&;169}>B_F{0O9=OJcwz@R>GRId7l$BSPm#^FNI{IDYDKU
zJv~|Zao$~w&DsDnT;lf^9%B_9Z#7VPlm11we(U>!pbB;<bFHOq<|e6MCkf4;`UA@q
z!btdXef9HC^$gpNeoA%Dp<WJ|2xP}TrxP;QnF$Ebf0p6&ztFhQVGll~VI2RgS{QX}
zPMWUK0qWf{AyMP&<L|hq_+0SSE&KCr^ZQ_fLJ3-Sve@ykPm`_gJEuVInQ60Qw_Pwb
zP9Rn4BzI#Mi+nrr;qHTQLckuK<DPrTak7%sf9|l#YgwxZE<8Mt@70$h&VwyA(<x&=
z>2MuAY_=`eH0v&;bWP@b+Yq}ecFEO5^1@TWbjju(7TA+!zrT@_(7B2T_2byVSv(5k
z*a)eu2K?h~>T<?@3$p1+mz{Z3Y&*B$4gKc#3Z7+`2)L)nDVM4#Z{7mfSoz+Mn7(-`
z_E?`2BqB@}193+Vji}~3UGm|947t#DLc5h^Jv7tD)p^Gwn;_eAUE1(sPc<IZF9Q1)
z2iNF&QEA@S2zLZXP23W1xP&^*4la=bn`!PwL8vz^rT#4JFebgTn|gZCnI{Xn7O2YM
zze!W!)HayuajIf>i+l9xj&C+=1IPMhVd5H;)T%^G=mmCe#Cq1r82$K1CLc%IOrnI#
zWdHtf>SQ)?MZmO^PUQi<JCQ>=-}P?e5P~>b!zo+EgWIVKnMvf0;8XE%zC3*HRdEub
z14|54f8K)sj@2I>w1iWrJlM<R8cSOhNoeygn}5(qUlvI6H%8X)rMkQcE!fa|S?N9h
z`zSdRB3A4>%A1Sq^&Rlif<5d=^eKg4RM5R5q_7CLwQ65D11!pEcqmbD@BIe5SX26B
zawwuQ^hq5iqN^RSD@?kiI8bKM4DVV$8T`GP3%B*9ad}(DKJ<Io`k3^>-Kii+JrZqB
z{a`=%J$#m;&<w77%Lfd^Y*<(^a`AVgi67m;0knhAil{1V+$*ji$kw6C8xg!y`p(sf
zAzTzqYV`uN)h>C#;2Tpn7TxTPVv!V`LNm=i1ed&9O=^PVi*Bw_E?Jn=JgG8N?r7S(
zMH;M(T;=4k=w9QtT=lks*p<ex2X(VUojT*rp`1fa>1XZS9BSB1H;n9#ZkSTaw(Qt3
z&lJ1#?!DH##z=_9mXI9hjEg70=HG8i?E?IbLy-P>Wqc>7>7r5W&ZM=>m=S6R5s_4#
zZ*Zcer#V7gyGy(wm%OCXxmYdkcF~hceo-mA!&9>q#}}&SSbFu3H(wSXv4$fSGdpBs
z@nvI1h*Ycd^Nggng;7Rtrl^wD5)~wH=6bjbg?M8I0y&iBTg-JMk}N|5CP6Gr3u7^g
zbwf1|y>_jpgGF-*E(pOMNNiavh#M{uJk<o<5|OzJWJ-z~bDqOS`CQ!CoIqTyBlL5=
zPLITa(!0jk`aQ87hFR?w3ma-R+h!;jsyb0Vg)C!@a5b$cIvttSH1xG@FB=2v)K@^f
zW><s%b1ti`auwebxS}S*bEhH-^xlcwb2vw#87PltY*PU~a8<UzK<!>dRBva|vEi1&
z>Qo}Z_t$Sv**JTs%&9=F`+!$R5xH2KJS<i@<IJIR+Y14wvZ(L)TLNVX<#8?8&iqea
zuP&TygnW}V=FJnbD8<A8)iao3d<-b_*;9QUb_Y#c0_8_=4QD6w;I5=M{kX)BCgKT9
zY2fJNWb36ZYp9XXkXMHzYGmasEsq&1lYp==_|COuvN%*3iYh)HMm-FlU$<}0T$Btq
zuG+@DCG3yn-?dA$#kTA#o+#Ykit01Sm|lE7CPIcv2c`IW7Dn#%HJsNWle@q(mYt<+
zRlZkHN|y<KqQn2{lT*IbMZjm?afOD}7%<*FdV;eu-=qcfQ$_cgDK@s14LEm4gY(KC
z0G(gT7j>3bcf2I;>V0%lF%AwblUll2DnmE&v8c-Kf2j}qKSK^FqTHUYy*msr(1)|d
zU^cafb-j)`h!&8<gNp=2&O}Ae{+Ui=Q~Sgfb0f3J;iA8O(*{ln5>i5@K(gZ>eFFf8
zUWkNCFCaYX?Kobzb$YnLe2U$<MM=lTxDbLFsqx=i7|b2(5`LQ$Bz19<aWgM1pH40{
zGoKEf)IxwQo2Z?-G;pSPp<DvE6}Nh$7!=vCJF|w_^})&HA8tzA=cNSTfe-OL?SYuy
z?V0*MfEDqVxNyO^K%e9HV8`4%lvnll)*a3C#Q;j^GJ3gBWcvJUFWgcP5WHOm2n;l)
z&F)u#qu%i8_CW94%>JcMah$Xd468o$9htOvS_c3krTdRL>H%d4`up9){xc(hicw+w
zT@FAlvH)373lb~`^wP{)*Pq)n-ac{<8{m<+P@b*B^GpGR1R#N2%Q?ExMbTq2OBBer
zIC>;6bYz3i&OZMP0Q5pO1xeTl)rjcWn-oltR6gB-{f`E>BrbD>pjGTYK=M?gC)#i~
zGJ$hALA~il7sG(12&&$6LyH?1?1>9%!-c{n2GC{QryuW+<30oI{QiuLO--yA2}^{n
zmHB?88NJ}9MEOD}^bEX4B&Pat##I&sk{bB62QT}VFX$B)ijk^BH?;o=df7{Ux@%*+
z6!x2nE1Qo^RlOqz>ZLJK0drx=lDZ-U@GlPc7M1Ah^ZD`v?g#*qD$2D(>yJ*1>YOd(
zi|PraBk@l@uw5MhbC|k4?Pnkzd4Hm*-+i8<9&)-->LokP$`rFLEg=*|UFMGwdsvq3
ztH~9^GTfZb|13&bqeMIBI$2=kYgr`}o>Dx8zebxh%$b)7az_u7-1K-Q#lyM30l+!p
zypRLwSjT7HBL7}CGdEroDvu(VlU^O9(rTxuvkfvuK4FTvz@xywG&3Joevsj4WED>j
z0(5bgb!{O4TZT>6=arVg#N6hUJ0~H}Tzmm#VE;iB7lB*R&E-c54{!e1jqj=|`eJg0
zfYgbhL?`d2rQ^QQm?Jc_iBaA6ML~`IP{#DcMz&-Ay)z;WFYQx+Ia`FF(*E-YM4Vkb
zmkhzJWqRcniN(c77CHDm;h}whUGUvF&4h|2IjxF<_8a|D<b+xT$@?%mwM5PY<W`R)
zMmv$I$s0ghUNmRgkKeVIfbfGZAiWBe3$&%ZY60M+cmnd7xJAOc)N*mA#k(nvDS;u;
zy<diw9B@F+Io+DS1?|TIGMuss!G8EzqSASQy}GlayzpI9xjaEFmkTB5NQLPs|7b%b
zcPT*iAc-f5TUV2xf6K=e3aInE2!K$O6QB=eNbgj&?a~4u*E^MKJ&eTege3($|9DfH
zuY*q36YoMoz;w2;ab7w<T76-ws_micT#E=c;X;arByw7ZrI5%TVPsmj>xNb&G+%dz
zGj-wCb8NdHX>6V&`T+%OG%*vy0nX-%8dhc(LRX1;9bFbUFM-64D-pt2apk7?=TU+9
z=x?yX`{nga6e%RYm(%ImGbRW!fn7!v-dA_87XGjgc(lscg+eYX7h~w`0GbW4ECoeO
zeJKBH^2rIHIpC_YkNQ%l8Ucz}f`_-1RKTCIoG9I%$oR>(4p3fcf!T(+2Bpyw7YiFz
zBTR%j1&4#~iT`*|el-;`0*E6G0p_jwzl>JKOo8Ug)}U<}?@tA*Qy)<GI>2*pq(%d>
zzF#C-FY=Q4Jx4kKkmFa$;|Wf!eEC+<Bg=*i{x|Dt0{Gs`LetyogIN+TF9kRNiEdf8
zL}&rY?g|(PUy@TF5&bzHoj2A;a#-bL$H}ADH9$1-p+7(>#tFQ%X1ZpE0QbTT&;bXt
zHv_CP>0H?(F$RtkKwR*d#x_e)PEsyK_V0up3ZC_to6E+5Z;0{wwUj_0{np)YE{S;Y
z2Wx$q_^EpPj4Q?)p&&(fOHyFcmB;M8{L$NWH6{EEVkI>(z{eTTa!3GOyp9BO%1y_M
zF<yX`(y5WuDP*U-!0<Qafvg4u^~i}gV)x!IZI}aO+O|eZeLhjWq={hw<)_T0Q6VQL
zp;I&;#;*Z0D*KQ=apS_fVi(EcKSS_E&1CiOF!{gwFANI7@ZTgED;StVBx$Lt@SDws
zc??1l2vE*1|B9CX&*Vvf5(@gag8BcQwi%=I8lc|Q0IEV^K+Na~2)1GY3SKmz@{YYA
z;Ylrqh;7feHH(%4kMvo0IaOT-U^m+F676z2UpkHM&w7P6Ho~4u-C1nIIZ{Hy`3iC$
z07>y25E+(%2tc>jMGTYnT2ZyX2aITA_}4~!?{Z(9ZA}Qkv5&ds-g5hJYf4DKtffZu
z$Oo|D<qM``mZ<$xd#%t5mLeG%$Oz8|CK5rPl2xry@Vw<@HBK4^g~Mn6k@AqC@LU<O
zIWHK8HIVUmFLz8wkWuyiZglBe`S!kVuGQOiSpu0=QswP438~p)sE*MNmlUqR8#aII
zbr}%RP67QY1!(A`AV&E`U@cm2O;&nId(40Jy`b}@e>!DX3X`vby7@i78{eCJSFIPg
zhLxFui86^FZBeFok)5Rj5A4_zaTpY=e;p_VK7Y{jcqFQ<KOCq8K-=xt`P&`X$FtP(
zJf^Ny$0QKXdulwE;+CgZMwTaPnQPII3;8^t#tt*j=eLV91QN3gV~H-5(}g|bq4~{=
zq`cYQUJ?iwL&!5%b)BE0S5tLk0R`uP(?yK-N0t@0Tm-UI&PeY`KyAKj^oQZ%fMQ@{
z`1l7Ov|kyBMQ&c5rtYmga{$S3dBzc1S=9_!5-?h=vEG-T+}wbQpVgK~&O~}n4`AeA
zDtvEnDb^Zrg;#D++}cnkO!0m$(j;p@ez+W7zoXXI2OqLbh*uH3ko~8FG<L?<0A9^O
zVWQ&A>w+dM%oLF*ph~(+dHx+x2md6;R-gbHTD8vIEWSSuGNccknbqk5B93;jB0$ZQ
z&RbIWW#?%KZ6jI*rlcF!JA7LP^U{j*-2^cCivym<dspMh@ZFZ!h-1w=`x~Xufemhz
zB?SlA#`Y7zOEk*CA|C!z0;7qsF3AXuj#zpQlQZ^wr_VgxmtG02@BDzofH^hYg|z^A
zt|-8_KK?TX<d-}LNkEeCIo%Z=PM6CSyj?r~+Zn|ivz^G_N4`IdkS&Y&KFCKa@AlS>
z8(L#m3y){!duizp(z6OCC-@lYs6V+lX3}PF@y`99a(`pcv9Tjn6`;5J<^3=_(|&WK
zzWYdv>31?WvstwOVlgP$$ls^UJU)y{{NCUsh&``f(Y4F!xe>A2BQa*`gJu?R%T9ea
zUI~@!t@D6<?`ZQ+ElA^H<N7u~+!@x|xuo=Af{|N7!6v^*A^wpfjXK+6zG{Tig`OM#
z_>(cy))O^miqn^K;l#6;Ri00K{bUUCj5)eHv(43_*x*!N?RWmy4Fu!h787)%#E%vN
z2D+7z@sF<NrEP>KB{3$kSKw1kbsl^e;=L@;S9i2@=1r(uG{49U8nQV)f#Zc0fM3Xe
z&vjU~zP7g?Jf;o;XbUsEy5bB4;g7#=4av5N>P-WuH38@zDqG9<bwsFD!DujAwQz!}
zm=k#7PC9VRebX{<E&ar3;X<j$+qLnDM7%n9qd0Tr#FDVWTDwSh76{1t6|L;0DGGoR
zI9?*Wi?Alt_l?z({X+Y@+3qvebvUNk=Mjd<5e8_m&X&;pZsvqP6}iuXlXRK%txbAG
z1xy(h!i@{M3zIf5s@k`qM*xvlLcq8V6gE{e{12-+3*wR#|7W*h&f^d?!lfi?j}k68
z^qL;7L?mps=W06Nm!Udb`%*fS1JXE>e!xT#=7UpnxHxXy&gu3v=8ADGKm(=CH@Q<n
zKq8R$+X2$FmkcDBamfw{3h_a;9U<d|(dSozKeAxCVQcCZG|}eS;kPPZr#0hPlu@U;
zd@v-G_(M#a5ODgE7KFnClw8(ROaq_Z(rJ+g;}6#$8$(DYM8%o5j7DQN7ichYOZm_z
z<F56Eb-$yZXJypT4NXQJTW0Vl@$Yv$HV_4K^(eq{_il6Mc59Or?Nx4jIiCB#yMc+7
zByX_a85zO_uEg`Lc<D|(0~Fom7$DGO!{4c1BA1@~)CExFR^|=z-TPZy3q0{V%`oNI
zQqG@VV)IT&p}r3&y%NwBfJS@M|B@vj8<(E5u+Ph8F44Q3!o?sbcKpz+n%wp1sftB#
zIuEVA3U9;%Vp~y#k}e<=mnC9u3@XB<M}`dgPY6X@5U+_`ua4vBT^*LXGv=^^ROoY$
zr_Z81FUtPXFU1ZS^63dFnF_l{xqadu=LAnhoCPv`P(5X0Mpi-Z&pm=w#*yuxr#M(4
zFX0sfP>3;BTxCBEm{=(0%i&C?$PS@bFTp^gu)MSaumdN>qQGn&F%YD;sMmMFz`q_5
zU81&hhKZJd1QZvEa3I<N69xHkT8MRQvzG+kI39<di%U8^MZE#Vlq3PFGD+qb%2BZN
zSzn_MA0Q=r^fhW*$!yC!=!=+lC3h-B!1?>&Ux!&isrAQ|7*!$17tKu`MovF!>>4}`
zK0MLzto~8LqpwcN-mo93e6T6w8KlJ)`<PjZ$@sR67Up37QEJIHE*Vr-e)vT-f@>=%
zvKrpaAgOVwkz9V`v%uQ|rvad~wM|h@Evw_zkd-@{K<c?rWCLO|3Evuf=_9@Gl6s$v
z={WMUb(EimQ%$PWv&t@n9sX4Fx(O{Ede|o5?hiDP%YzT9E6)3*PwySt&7SOr$vXqP
z;z}ft)d&8C?eB4~8`oH=w4831mvao)hq9=*C`a}v#jncO<{zd>$8PZT;+EMk9FOat
z0_a-K9^{@u$#Z;?FxXcU@Jx_)!Dwm=nL6JSQp!^;G>9di{;`@PsVIam8HBbh)n*Ff
zirfgwm+xyo;%xxbVoCWXJ_~`UZ+u)oiLqN?@|BB{><8&3fd~PNa6TV@@lkEKp_$h|
zxlgW;=Gl+?wN?e*90UFk2OISJcrstCZ^`ayoJ%{=m5bu(=2jZ`7Az}=a*kz5Vv&qJ
z9DFT8k*FDageJdx4oH!2=;{>8ur{WE7&q8UR+nH(=U(!Ag!&&1dE4UfOYx7@AYH&V
zxXv8&KiYfqc&hrh@4HaOC?v^L<}zj;w@M)*RA!Q7o<e3jgd{@<ks*ncc}g;cIAzQ>
z&qL;U9ya!KES+cPdHt^IzMkiPhWomn*X!=TsJ+)-Ywh(tzMtd$`5Y=$4AOYq3C(g;
zoD1aPVs>?5kKfD*q|ZnfH#BeC&NthXTx(-+bqcXY(J@jzwraY}h=~bs1%DM5V1)Q5
zI(V_vKX8vFOIeRn8wiG&4-5!pY2Q?mjX1Z%)T;fe<}p%VWU>eohySWKseUXzzW<nm
z?nmPj_)Q0f<I?)up~LZ!uE{4tQGmYLuWu+qG|#V^@%o?PGyi$%_K&ol|Jo|^n3#}>
zefP?wZ&eBEGgQDEdDE&`&8!+4Y^Yz(;`?uH<qvbl-NYZ|JzQ2$7e|V3-TkrQwnNSL
zrnA&<(~#+KXTHSesrO+mtb!h%toHDOTu0ON^P~hkQAN-G^@n)>H9vfm8fi=_>W9x#
z&K=+R<DpA!p50d2_&W@@w8n?;K9%_?z|2bbdt&2_Hg_`LVZP-5TVsT~{)?152*tul
z+Fz1ywNDZ1f5q18jLNd%9o^Rw52fh$?pb%QprlTOc;>%brSgkneIrTbHz2A?%HhmJ
z;*PD*lo)vUfR)4nwSDe2ga)O(+)ORgkg(N0d#QM=s85ndO{~NiO}jfqWz>;u@(!bW
zfqOLvf|0Hwowe_HpBB!~;^rAfmKw)LYHG`jCed-Ub=KQKUyU|z*w&Z>4#Iq*cXLYK
zXm;q>g?Jlr2dIhnLXLLD$8+W|5n$O#<~hULNsudN;;rla(&dw9-PfGSjZfFpOsV{M
zaMROvYpcQ|?Qe{Sx+EHPsC?~G$9>TT`P|vWt)a~ZxV?wikQx&xv^!6Bp>s^i_vG*4
zRd2;d-yq@;nF}0Ku|XZ*=oe%OF=ddK(PaqX8=yg46CqxoMal;e$aqb^tCUg2s^=8>
z^8~8sq3yotv90-2&!4TvOL#~vV1Pa+?%Ow#6Wf^YT>O-~Y1fVGpR^zJ_+_LR56PJi
zXt@*6!_nE~6%Sl`mhb#R$wPJJA}zGX5YHG!z}RbJy48|&%!}T`#LGx`KpVNDHs`^@
zqv0O<#Cgc&g5GXR#j%R*byPsK0WFovoD6lEr=;nn;)!P;tFBh;IB`eoKQtFsi`nea
z9BB)}S?WDldK((xtGijVtSY@B7qea4_hzx_lb`$!1(BiGmU)9m^b<qeisr~9ZY#f-
zr%3!!&D2sg(=Pw+$|)SRO~pG^tKJ$3ty8o22dr4;$1*l?w42MHPVG79fmv|xI@OV)
z7WXD{)p&lcEaTet>1EHH{TEjfN$Z>$GCns&J}(98f2+q2M;q0we@ox=(<wy@KV+Yr
zSDE>RM6oh(9ZXvluBndD_z+vEyFJqFb3>q&&0MV9!+p-SvY?aFuUN0aGKwos^rf_O
z3lT@>Jb7OW`Ybusl12zm4_(}~6OK%@`&Y%vEll-J&5C`Vz1fZWnJ;F&X>D73$a50y
z$;OMe+wHRN8TeH6Je!ro-V?q$EKHeXXK(}fxl3N%bqMlp1X`NbBfYgYbF92MkJ{Zb
zu3=N@In3Z;rW()Q<+x@0S7RTY{r0LKeA_lBce2{A&4K-gYTq^0$PanUIdRuB<&3s>
zZL2ax`{_5Vx@pp+U0OVizD_z+6?L334$qmJ{bpZo6^w_mDOvFE)_h#E2&lb3m~`s4
zi5ju}9+nLSC+%bIO0hAXiOwWPoGy9^*5j7c>>-}w&*?Wj^d@6%%Sk^C?ResSl`(Mc
z5H@Of=44;qX+aIeZ$`knwSM8*5LN6g%Q!3FnxE^@hR5Wc8Q*7R%m4kz>eOdD(;EE}
zc;ZqjsYSrFXM`3?sJbKW|MbNb4CalmtfuD8eyAV$nNU5lgdMsa@l5MNjuU#f!LF2Q
z=%TWErNnzRg$B(1XRM>(nkcswDRfa%rfC~+-=FA`uU}+2EWH>+z}ggX-4Zy-YZ=Q^
zf@KmYZ1jNq#;Yf+3z!Mdw0U{esDrab^3|aTU8UNLZ4sblL|IsIo6GoE;7zIy?(ugL
zr9761<NTSHYeV_m_zQVW<?Cs4&z{S7ag_s`-@dGFLjqdVz?&g!&yUUvue=r+oCB^J
zdg*u90q@#QA67}mv|=SzFpupG?JTMnS(tX#e9e*hvF@LzVZ3sxXa0j4a}FC3JHHAh
z@6tn=tw~{s+lo#U)g{U!PBIU<a<1xOZeXkT+ab{*bFSR<TNR&_x*W`AM(x&S7x9<J
zEFXRQ$#Qi3rQF#sE#|L^L)|IRLqF5=j$JPcyqqx}^I1wHGud3js=56k8Etdc=9K2F
zN?+Qph+Fclmq)w@Zdr729#=@jMXZhutll#4@VZZy^(tzjft^HIa&xgo+WOTce8ymg
z$W?ENrs(&ccNt@k?F}#P^QyFPkYq%&Ul+RYJu5m%`UuuM9-;|c${gk=mJpMWE6&cq
z%D=!;f8M&NDA<PYA5Y1XJM66<X_+!4l3oJrgMp~bYj4=X*lBGuuX#^Ma(pUeC85}F
zpbGeow`=uAWO%q?b+p7hwR&Yu<Bt~2qJ-|<_iTquU5ivT-df#kUfbOnb+=Sh$-`=W
z1Q9RAbqfE|u_ItDCzO}bQj3pz7I-<g9RxV(7^(dZOsyK?!jl4fQFl?|2-rw4;dz)m
zwlnV+`w9d_gm)%BZrjIL=ZAm}>1tcHJdyKoq-~}|{q)XHOxnD$JeA)qGZm+?!mfbe
z2F<SiRM3m_e?LC1TjitB#$;BXvCU$=U5n*5*R8&&<}~TM`E0TzW`$Jui-%%ptg|-M
zlC1ZaPfCuuNGwyjq{+sAnROgBDU;F;w1ypnm9MKyne7rs?&%*{7Yu^D#hYHV2~ko_
z@F-E=TYWp;XRLlDpQYBs_u)po7heCiYM=3G30+Jbv#@LLPS=$WeGN3RBrnY7%8e{u
zN7wz)rUxku2Co8)5zB;t8uP2<qff?OrCRT=UScO<dk2v(OF`Myg_;KX);Lv%b2}$n
z`GzT?aan9J22_?$WMcMhwgyb1>*S2~+HQ}0AKE+HTzyeFO~kvaM>f7_UsTUQ->Lj0
zX;e*fjj}29Z%RZr0`Af&*1b2CuSsEEC%((rx!2>)RQJSqv6jKU_lW@9st-~F+mu)g
zpU<)!F5YcxxR+eXKYNdH@B+j8>1Z{}IH>ZPY5rQ7xjWbe147XiS2$E^@492rjHfNB
z%p@Gl+N#j5ZYOS-lhX%VFA{rb6E<1BKTK4o8)Z!#uE?uE9Yd3-(;iO$TH?{Uqjhx?
z*4&^CvtGF5v_E~VXWaF=TIpNd+Yzug_@($crPOdRMdrtMmrk2C?C1<Od<`Tmw`DK5
zZ`qG7dXb<Lsn5s8&dF1MVpWamO4C&x(K_Gx2Z=T{yUXeF^nwXH?H7Y54A@D&K>`W$
z;|WDMA=K!!jMUy_L#WKhkc#159A)C2wUsIR+_!vzcn!;r%&~KNE?@mdPNA@_F&i_p
z_8uZ?3bS`z6Wrt?*u#B=;^%X`5>n;vs-W;J&YN}CNKD_qQD+){Dxr35%mGck8A|>~
zq0iR*N6`a=rj>!5b^Qe%?2Y6c^lEdAUh6Iw*72=QpO9LZV-b|dbT?^=wYd*gZP}oA
zndcNU|LcEPiP}9+I>;ThaQ?Q*rKE3dI^r%FzpGzxjECSdKXE_K*D5JN?Bp*m<bK<a
zO3LP@EztV@-8*V_yu1GUHx|Y5f15@5-(WjnQ3>IVRlt*0Lqr%ijS}AlkD~48O6vI_
zy3@%r+k?mXdsxcgliw1!I)3piXZq#}(pr1P`TCMdyu``Q3~ed|7hZtPb8DJvVk<y|
z{C6uK9}waoW8Rr)e^teNd1heuxf0@)FeM6q4B+^;n!E7w0s=9jwgxfM?vH3uULM7e
zP*#oPDGq}4WrtAH>NDoQrTtmZTp(3*1T@G{=eo}tUa8E?Xy~|AgQxt0u}YoG!bG-C
z;dye^I1!%R{mqKdaSHU-mEygPzUt?v1xK;7+>*`<WJqqL%ha2IDxj9HhjxM8yb8AH
z)eO%4C%{#HH_y)h?`|<T;|Y2Z{l`iK0^}0DcPGf7t7O2sQ640ome+z;z8Vor4WNf>
zx4X6cy*mWSE&bJXm92utQqh&*Drmh_gL*LL(wZ9*>jzHvq>I<2>wljSh{#lq72+Cn
zWde~DY2uj7Z6XwWTwA{*=7zwO{+CDA9wjw7M%7ipqJy+`6_B?ga2Ld?Y-3%|+82%~
zcVlJuk#-Xhwprv<!&FnNZeRo-sir_ZZy2<zK9);NaY?+dc;>^$D(g=JG=_q_A2UHV
zT6P|A(mbH<mFt#SYI3!5?_H%w5N;O`k;l9othOXQwwA;g=_CGZ*Y<U-lATK#Y-%Y^
zdC<ugSOxmSy?hot3!mvXR|0BN1(}OI5yg<|jGbnJIb>>*0c;-V+`{$Tw1<$<h1qJT
zT>9uA2sTVBWOh@Ty!Se_P1$;9%=;YP@ZdT|ckbqfwQCmCviXT;ulU#O;{^|UhSCb0
zW7kOMI)S<_#5c;f_-c>&1!8?4bF?E<gly7w!GCi=fV5XB@s&~I4<Mqt%wf>~gD^xk
z#CiGFbBde_L|bvffMaV>#`3?ozjQyTh|*67Bf+9}Xe_3asOV~?s<r&(V|9@A`k^l1
zKG#tDQ}eg-q2yz=!9jIe(sjSD7m|Ql)0V>FbV$W7Re_VVG~e6fjtniw62~8jlFl|C
z>t!u5oX}en!oSB5ywAcIo`z&JaqE{9T%2%hFA0-<VWy@O@ohOJm3_$Z`oPBoW*>+3
zUd!xnGF<65<04U?Tv>w-{0j=1=CfKnpm!$V1100pS`&JPYC50qE7CRw(!g8C8v_1z
z3UGJ67*+c()ljL{*b8;JLb9mp7pi7QywP?X^Vz50J2{Wv{Gs|L&61i(Wa@2L_Th9*
z%fKqgmAp4!4~+<o9UPT1bu$^%LB(D(Uw7A()cSfQ?toe*!6c-?DxMbF3cZ&xvHCyX
zbp%oyf)9JqST7Uzn}^HUDQm>GyGEB25v;LN?k*mpd<tD>COe-;3A?_KIU&_tw@WZh
z(4#!2_6~6kOm$@&#s%UvMel4b8d{UQ?9xfDEPs&_#_EBzhxJ&x@03rgRV|OCt4)iU
z^sG%a{?HDrf}S{y3}n}K2PSe@*h@!<Mewh<Ci9Vo(y4Tj9OfA#wjh44Vd`ukNI|@D
z#<tX6hYAJkhiJ$6Rs}<kWvGcOid#PMO_w3MtYnb8cKP!#T}mk^Wy?B86P;q~ml<Pf
zgAdEJcnq3_{2}t$M%23ZR($k!Okw~<%HFukO-h3_f}}y?mmNCEVbI#*XROHE%$fim
z58wjG2d!+z_(Q)|f!Qov4o|ic-N5syChf!tM=GJ4M6ub><PqD4hI!y6{?(Ny=O!j|
zQ+ni|mO~?Z1R6Ubv&=3E!biZ}YW^8%b9dhRnMi*N3c?8uL_h17#|vsEYHg4Z<WPQl
zlnurB=z)xb<AdZ%Ct2AWcW=n=QgaHTH+aPpy)_M7*`P<BD`9(G?^P&sbc@Dm8T54Q
zxts~~!<3d=I#EU&PGEX@hkdq&mg|<OKSV)y2-`RrG<(V_w1v7)yUfjrzHUQ1#Kerf
zhJSTcdu)}wGhz_s5`Tlb*F9q;X7EmO<z&!L-!T^G+FCr&Z+oRZUl)3FWBEPtC1zEZ
z@1jcQE}cDoPVEm4@fk0;lkz;N^S;_<R*Et0hCem6B#mhvK>JuvfNP;42gMzY=MvR)
zw291gGo2>N2)(g5#AJD@Z6|zp-zR|n=j6MnC+tqFXEPZ>J5$F)Z!=<`7i~5ppL}5Q
zp+(xgicO7jZvswa9Oqx5=qj@AyK`DM0iqsTU-Y4iA5Ba(()n#1tx#5KvQ!_jkvc50
z`Z5zWf{wX)=IccvR5HG8EUJRLy2tan3zHC5u`gBp#9~k#ZS;}up3U&cBV$O5PmBG_
z{G5bNTome#tFr9{wWL&^J+qGypJROy+Tua7-O;3ULPX^4zs&>m<iIGHplVsYC3Abe
z<j;spzu?Si()r3i*3e0@u!SLbdjIhDUOiuf-J?XxB9zliJH|pti=s<lwq+B?)i+eY
z*F)zAh7ev6=b34`BRi;8!|yFIkm-G}#GWk<`X1kdNWJAW1n0p|6U1<_E|iHW4#e43
z#{NSSjXxM*yJ&2oLm;t)5r_#{Pm1@N5v;suGE3<E$7hX%s4-Ns#>cRUmR|?3bK<7&
z*GC$7aXz*?=iYe{CWYc*l?W#yW%+|mi2u+)AFVBe1+znjL`d^`JrOaHCr8`z`$?_w
z<$c&ETLsZchN#V?T{;&r7!(`v*U5Op?#&!BLGSo}0V1@O>0Ma41F!TLt9Rr}gmd1<
za@u9}Sy)tKoQp9k=U(mii5(VDCA~+F)_5FGv9YQkrR`7Pog&z0B>wBFOubglq?tYY
zJ^@xjvSwFw>8Ws{gxDIYK!u|@V2+r<1S>o=dr-GKU4L~>bt7GVS{hUHZ2wq~PM}-p
z?K_ZH)_kPzT>Z$NckC&N8=^b3_v67M`2UC!_+5bfpRfh|5U>Kh^M6+|J(}x2fls_3
zp~D?Dc>8ab4O-~`S!DbFVi8y!A34m4mPDqB##hF<T5j4S`Aw#J;jsrE9=t%rB<Ih%
z&i;=Au~J`Nu`C*)x8Uojg7o{LNFqmi{s^*mIZ?)Q)X@KQi=!~bZyXEqzDFR@o)lh<
z3;+*zgp%5VE_fB-b-(`cgoeZ4^%sOve{o(UM*`-w3N3C!0uh36{i53@V_~r+YXvVD
z{ih))IYDv3$wXOZeP)*ev!4;PO<sPM^ndiBo&GsA_vU&FKVIB$d~PbS+LKi%{x^4~
z$xhNU&jetA2bkSJv3Pd!!f3JEi~C4;IRYUdnfc&*PZ!rJFjMRPWNS!ISS!f1DjNHG
zs?qc>&Lp2vks2w3k<4$qKI>0@`+L{`=+^sbq^bD9(eoW$d!8s}e~)bC>qBLCcq1gc
z=fhXGHds@T+7F<aj2tW77&P#ZxfGY(N{$g%UZIetj-!LP9=`oO@U@P*A6gYaHFSKD
zj@SRY=wX4i)Inx%4YRca7B+!O129o4(`h9<#z6uL5h)G#)72b$?`<F`#_SB-Dg7Yn
z+Mf`}zk)Bg`CJHjho~cpTWD_e(aH^VA4nEne1g;}&2jvw29vt<&EEi=b|@=J|3Hgq
z)0?B-;ryt>;#$0HG$y?focxV0sa?M1M_Fn6KG}v=vmR}y1xhkaViyTYbh7QvIU9n%
zn*ZAKq?_pPn_ykxw{a7yQ_-3USwafN=NQ`5X|?mf6o#$}2H#JL+F&Iy^jyE~0?n{$
zfHlq=_Xe=5hDvW}A<cf1#)_mzMzHJ1-To2DrSaiLXyq<+3}?z_h|d*o7`V?DF7-RK
z+$OEJ(=F6%FH*B~D%zgQZyBAW2UDu}yeDKxNr-ff30{b={|gW!XON&idW?=bZs$G{
z0j_f;%+Ayc2&d&NNlZ+d@>?W}773Zsicrf2NfqH6_K9uF*6+OGgXX)#ltQv>s~*LK
z>fy~E)<n*wL5<{Q(?oL*_U-1d=35Bcqz!lTa9!e;&Gc11Pf{e)Wa|lYN>c2hgywoy
z5@nXkA?Ud~=@bb%K=;4)MAGpB4F|Ps=s{;7*bW(^RIy{3h_nScU~$K9q2aU$<az))
zTGhZ;LH}r>|1^q%^#{wf=S0S}&jWGo6d=b1je$+^8?9a1-MFsCD}pkyHRDuTMOPH_
zzDhOZ%6x|};u#b=BYOI|vAfkN;7x)T{ctQ*`>FeK+EA0+9hjSh;P){v^=gQo=sQOo
z-Ar)sIigufgm{qH-eRQdjJr6@buAIS?^<Zy{4u+nuFeFc1|c8TSf&BkzSz?>`61b<
zdngiwxAo97mtWMGkQ6k{RSAD%74i1T_IzVM*6BgAEOR-Se7nCUvRiW{wRCZY$s(RU
zBdESRTrsA8+gr-ky#-w4lex_W1}S$FCR9Cmo#BC1mqsu)7K$PlG;My~XXM^kUCK&=
zRP23O9Uh#SXG{X|TpR^vO$Yk#DkwV3e0|~e3|X{b_j1|xa^>Yi(VkKkmkBLng~t10
z1QSE$t;vz<#d=+XS^vUgd5HB{@GL5NJPmc6n;77@ue0YCywoivrx(0LmN?8f1hkOK
z=>d*-VjFjsm83C|GU(#==1oM>Q}Eg<<!{7>HB%$!3}9u+6m)T|e!tamjVMn3`0d>Q
z%ceJimeibzGJmLKe=TUI<~qqp6UIn+vuHo1aQ^0*Iydk-Hiao1B^op*j~uvjo!W(O
zH<Jy=_?_}dszx7CthO3f6yl&Qs5sKo4$3m<>&O}UB6By6s(pDh|KYhb!`Q24kBu8<
z<Oe0moE^=WBtW0-%wcn>mGKidUE^PHwuVju>Un+_O>H4(R-!P<vM%&zfkoc0_>PZ2
zRf6u%XY@T&mHmtGbr(#Gz2Xdy1AWySL9!L6@T~T$#ivkVJ~I#{;A5A-do7<W7TfB<
zX&tcs_>j!{)uf?TNO;p95a}~2zXrXICXu}OD9nZ?Y;l=H8;cawzbA;XI{}FGYaJm_
z7HUYMs6zJRxFLM>=?5M~=HYG?piV<BuF&||ZW|u8B-|nAZu9UfOn7(};e@dS0wERY
z+bX(&mvv6vh@P4Zv*4K0tS%o%G%saSuc9l*@Gp7EQ~IqXxQZPPBv+MCsy~byf6XDC
z>$%_d`IYCWlO@H)u#(tc^$fFc<?p>7qU!yA+CBjO{Qr$#ZBg_~EgGsXR-5+W^7wv{
zklne)@?@;Vvu3dJYW}_QB12mK%^;WmZ>xe!@Q8{?ErsQun<nVny<9CiZs{hv|1O<r
zM_*()1-sG{0pr>yV6PTMCV{NY_lc6x@-vqLI(Lv(AP(WoDT2O%mrt<}(+XSMQYJ$N
zQBe89a_85RZyJDD^Wo7a+3z|TKeD$uL;;3?_uTNGSl2TE6b5jP9)C2>ri82iVFS+y
zY|M`#ZULydvm1X%ArD$c*PkzzAfC(*5bbZVex+b5M^X^{k+C4kG5lZek8nHx$AF^#
zB!mVU&G!}>EsuUfavu+v!3f}!ra`@DGPjdQ0{=3|MT0;-c>-ySyzC^bWXx*aB~F$Z
z{{krfr6ifg>1&qKi0oqttINHa{EdS|12pPXY7k%{*tLCI;V2ES9xX}}0*{|13X^1?
zt`nMg0i<6SkbbDn78$J7fuLen(%^*@E+D}16%7!g&Hbyl{w!j?nZPb~wmUVEj-+=j
zEy=y(!|f3y(6>*ix&Sv+=I-p&3)f-nA#m`=5Ld&jY0Tr-NywNTff&;`q{<`fR4d|J
zj}<gk(W^u1EB?a`L44)3L!^C^i(r=+b6GOzF|=Sp3Q&LnbN_`)ygjK6Rn2bW%IOb&
z=J0@rve~mlNNqSo{OcxYT=YfYS&r)n6Doyc?_j-)NME258bL-y$9<pinC8$O1fPpG
zfiOoDx$n_q&-%<j_&$yv3l<$MAudhtNZO__JNiuo30MbT!5Kp;xv-~55#wk$bIBq3
z1k1G=r?gZ#h*|*&YSx%Zk+tnnr5EgM>ZTjz{{|Ot=GU#)PQEn&zk{@~C4u7B_FU1a
z)s6d2m*qp*L{9+WuX7p>-QCfg2|;Dw&`tS15G7kZMZiO_ghVi2k`yMJ?aB_t$POL7
ze))LI?rt~O7Nj=1jXNII6AWJQClk-yLt(mAEzVTBX+8LneDxhxonpiLaUyvG@r@S<
z$T&b4p5&pyk{S%v4Kmkf;isIm?|()qB4DFpa?g*)@s{D^lHr_7;*wNUM`WsnxIRqg
zSCw*W*d`ts#EApPsB_jOTN6HrA~K%|$#x9J^WM;R9yoa?+kheML?x1XnX5?Qyvw!O
z@1Uyn$wnVCaw+)gzkzIdFFy%Lco}7oWqE_<N?<#mhtVRO{eDj-_RNnFiFr~#xi?mZ
zGheZvar@YhiVBRvXIPb0Ww!4l<u-_+3hKqP3isX!GX2MZ<Ge}oO}VB+dlWO@F0OZ;
zU)mS<nwEU`77^P`BX}3z%7*PX3bxct$h6ZRXHN4vYEq1mr(%xf{^7`>`&Ra5Q^7_%
z=l!(hDYaNBlSQdK-h~~E^P8x-@^*mskr_g{cb*ulZycy(yiz}&Hh(8BB-~~_doq>n
z-?ETX0|zW*VfsXf+$Lh57(*`y8A4{C$HZ?Gvb|sJ%LX#KNe>FM5hzhJo0a5uL9-MB
z&qYOG)6v-*$&ys6Lf1V#X1@LgAjd+sZQh84wICS@bWz;elogg*6Ujlm&n6$o9dGA+
z5bBQfUol@N6CE1zUi(5;ON9jAWO%Pa^H=cu8){-MD2C7cK)&z^1Wib(Ms}BocS=&W
z55463N2rBG_?63-1kd_7c-ax}WAv|dE+bl^b*o3<`o-XNWVqEE!wN6xJ$Xx_GSZC&
z`tG_5Ex$qGHTZfOReaxg$2fNdQSD?}Gq~oJqHcsX%Si1D_07G{5c%sQ-Hzha1MX1Z
z$9U{J4X;08$-3Ft*{8EHmU&1N)-ZfI8L2wgPTyE<OHX9?>kn4_i<!((W!Qe5!d%YS
z_=}Zfxaz=;u#&Trl23azY{(uvRBrvvN}gf;#Y&DyhK(f*5>n_X9DtG~Qfh||%Rpox
zzH@c4QVUM=fV3X1WGF`lCy6K~r{KO+Qk-qL7{Y!zRA$GlP{hX^Dee)Z&UiHyo|D`*
zpSYpzWyH|$YO)VAoxU--E*v#*XcD$JY@-T6PQx#zGVTS!R3>`5T~y;Fz4$p*F=n+;
z8>l&jO2wn<sB<Z<DA=BE)#N$OUkvFL$eK>5+}O72x^Sd>{qDXM?n&bAPmX2xqy4SJ
zl1~<+*PaONzdFap=iWan9$-GWyFKEuGEfNqBr$G9b<>$Oxl2P0C`REC!gvnRaeQ%~
zQ%s?58`Jfv@(9H_1~G`5$L>Y^dz!Ma|2IvE>3YU)z-6ykCkSuyDj`0gOPNnHz}%pA
zZ!HZKd?U6^oLTWr=dJLR<_F2GSIuf8_eXR#aQu;wb3<;r&!r%-x_--aLgx~D;q8Km
zmd!GA+hp1Nb3W}>sAQo<BmzZp*!d@~m!_D8grElIauWoBPuCv0K?j4@=nYLxLftbR
z6q+swC-ykROpIfF*>Ci$vM8!+3aCw8-i?W%zNu6h5%L|6JJz}poB`~_Layg6VRhG3
zm1Zow6IL&LEi6`|`{L^z&iip->hULUQRZNNSAjp9)I-W(ivrPDEco$GUITAX-#FI;
zkV#F}6Qe*4=jf|--W*c{hRFsGDIgf*K%KtGPS%)z_p47g_eCfEmJK!L5j^6fP5k1j
z83AL>j(<Uv(p6NwVkmmsa@ADjSL*Xus*2r0ykS8#NpAgCEU7>!??b$Eb19NKfgT`A
zAK?Rt@;-aSlY9;5-ReTP77D675}@ycEoN$}rSK}AeLY)r&3*4fQL<64v@KMTZ96W{
znonx#ok&yjl^u#N(9hCO@OOlrUM<JUeI~<xDuw$qt}_&?ow{*{2GK>Kc;oOT4-M5<
zsS7r43_eVWHdxi3gv@!OwM|e~yQ-<4BY1vH<PYbd3B7iyaM=`xm~dYvaJ4R%t{V1Z
z9_3-g2wBM)%zXfd)K#V~IqZxjx`}l362q$EuTT;$uv03BDNoH6!NP2e7nZ60hcVqM
zf3^gLFug~)&X<n~GQQ~|a^b9n5P3Dj+D_S;@^qij@eaE{65@#X_=)|}{1u+VH=a$Q
zD+in?@sS#&Af%lYpkTz;qas&<FTu4c$HIud4(^Vb>4>DAzv#-E0EDjW<AAw_h{F}q
z*ndqR{BNY2!9o3xYw~}jjt9M)ZP<^p%)EzzF>15>KWT#4qIhujb_i@aJ`<MG44+JR
zG)d9tU7XTExY$D8cnjg}EONyedf0`qe8&?HdUpYSm1LHypl*sZXw_)`(B{_HhLkh8
zpsV2$Ajd-RxGZ3p-yyb*Rfik+a5%r$B9A<zQPPZhmdE_#-iwrGFarxGbB95*IuAm-
z18IU-o!9{dJYnMf`diyeh%r|v&|*y&g!3KDN&1sJDvSH1$))6P=M>|i1!N(o&D<5#
zFf#96J%-OndXT3~TJ0a*Y&<=Rys3y~kHhA3JCAP%lwOod_9qA_<f5ltHkmFEEc^So
zoixOAu{T{-3%N#0(PDfE134mEu|LU=9cxjVoHy$!_PBvy903sTTRZa3;gnyW?KIVf
zb?@l_LyvvGgNW+xEc`Sc)9EVYeIJ>g4QrN^GS;3hO}E;MGp)+C{p4S^*^&_=xzkZ1
zW;0gdK3w2B%ayUX^<71oy1YkSGdX8WbF6Clwq$klP`RE&ndILmLQnK1AW;kpGktvY
z-FX+tnfgmO=7x4X4-IMi-M`<{6;%CV9y_|!uUbyz-2ccuL;J1^cIJlBK={ivo<C0n
zazHY<MymQ>#aAg?0jt#4R3>rXDf8_0SdU6jp;kC92FOUb+nHad9^MfMP%6f06!X#5
zZF2~vC8-XOI<qi`;d_nUob<;oluFL^<nXBUL3%O0>am)2O~W&t9;^EFXvazKrM5p#
zRUeteMK1*<?n!mh%;|k$V?X+(%Qkpb-))&~gb=;yJc96s%D1|kHA1D;9JV9e$u&0v
z^DKVkEiLWsRiB~asGCq~zuAbL`xv#p-&KtAW%86_mn!AxTyHSk)u4wYGF5ds3`Zw!
z6}_wNvKjoTD!oj8RA|Fjj@>%QXoIgT;ZG{^oAD#FzQH!nOjAR*4CD?Q(1y+dmzm7g
zN~zt$$**=ZQ-O9{@$ZcGD#}<8P?o4p)n9`!)Q>7|qgHY`U`Usdv|(ivl25Cb-}O}m
zW@4*D&~#_W%a(756)q}>72*`cBrI=q?=mq;Tf0ZbaAx$J41u&&6$Wv}$pLKTX1#(;
z;N2|<xwS|2q~TXr5T%jRL)dZQ91wIylWf_qqd4hZ>{Y}*kKI)^dt@MTwp_HcMFJsK
zt@dWm+M}xjqc%J87!5QW!Z$L%{PV6jxiDe4{RQ;|@}K$IS&uUhxm7m_h%>h`tZWVQ
z+gm9e>RQ<e^bYkysKi6=3u%V_`<pVyeLbRF-C84-g)t$E60}s1cb+ro5qw!hjZ;@<
zUiCaH$tm2bZS^c)1>Iy{k(+Vxbjg{jUfT*%j!j1L7HMgrg)`NggZ9p1#U{>rA$uxV
z8K<hB#rtJvoNFpkY=kh~&eNv6(4_3bs9jHaXFi|#8EJKRB-AW$gNDbd&w5069|L_M
z_Nk$5Lqo1i=+TjII5Uu713YMax61Hkh&YPoNF}`l_pv6Li}2&754>^L$@X=N>K~FZ
z(Tj?{?k*O!!UmkkWG7i(FTyw4Jf<;L(1e!Zv=L=PQ07xAMXzo5ZFcg#N4mo^M_S{C
z?og4%o>^wpcvv%3pelX)?}tfAF5H>o?1$Uwp1VDgD-66T@;EK!5PG2Pr2y?<iNzIq
zRXn@Zby5G5q~*u<Y-Z0aE~S~Yt$`3s@B`AkNCT^+_ZB`J9Y`$2j+hso%fNkgUm%Su
z*QMgESj#K+@^MYgZRzn$Q$|}`&;tCn>;#_EzEP*lgIlrS*R4pDlK)<ud8wJOX_t-P
zR0kX`7SwG*2Brb8yc`$&XY9^r@WqkM6;Hj3Im9o63Lc5%{MnUA0yf7_Q8lpy7Syz#
zW@EdItEvtC$FNqX2R-}Z{5Ja|{(kyq5t0yB<2w(XN?^LkeY6CiV>X9V{)zk1qz7bi
zX};=bgfbq@o(P!DDq%mm(z9M9s&?0{XJtD)meC}dqh1kv`LxjR4?9N)mow^_v6~GR
z4M4KPMTqZd7rof<3m-@Xa6u@u6S>$u<0WOkK3K1XTcpo}{mux^lrCz#jqb>&sq!x`
zPfiL+zx246GryP^>Wn>|m{@Cfo%-J8upWc+&qHsd=!7TYvs8TGb)K<nC~s9x&*NjI
zT+9BWVlv?$i-+{B^7woh<~k`YVAjk*V(7J|T`E~V(YII?+-1Oo<+>j|&UKBTYI^!w
zdV#3g`$CWMpWt58J^&VXIZ%9l%ZW|9oc-voGNbj;ae+!m_RR5cx1@&TI;>7hd6-mW
z6NU#_cjlVgpq2Rxf@H|Ly;6V3llWdla^E1gvauK&Ng-tF+D#Su<#K7f{$%2r5#+QY
zfkN*~Z{GiVRhvz{jKlBkpsH+3^=eb1x+f2T)_4pL%@?ki8pJkBIS%<6ftTi+NsLOX
z5_SQBtXs&v*m+wdW~bj)?wT|RsuumE@>^HZ{N_c|Fo~uD%zT5RjHA|bwPUwCbo6Ee
z)@AOE_p;~3;LWQ;-jRo%!xVu>5)ZV)AGhm0HSdvob8uDINf?x<r+zA>jai|5p;tir
ze$nhRd3GFS!1N!=C?B{aRu^S)-qnK9bw)cBt+zPWuiT9(r_x)TJB7UzU@39FZhdlx
zv&M^fRkSv5FR`}PiO~!9W#+A(E2>ddgJVa1?(<$IX5%Brv)^mCp6E%5bGVU}A-{^<
zh6*zDx+eOh@6_6T7QCNK`@;dtT+&iKlkZN|)+EK4x3l+qStc$aY+mBll~FshzJy}#
z*<swpoW_Q?b%l~@!%jUb&s(BAl4aj;QK(WUYg1qa=R3NpQx`k^Ewf7{7SJ2@%I0Sp
zl`u(j8lhADp6g6m&->DRH!tw?@xjdC+4@CGX>6PEuZtSK`1X*`E}Vwq{;8f^@e^Mq
z#$e<oQPr46sF|1Jl$J;D@rJbN^f`d|`yadx;5eVV_dOmLBi5)z6G!<&EjCTy-5$&G
zT^&8#$XG7^+6Jk-Ce@Ls&_XI6tSS|&fnZCzF~?}py@xArM>?!qZ*g@>?0yPNn>Tc(
zQJhi!RXTkZOuCQn0(jfMlrqjosj2)7^!}xSS|H<OCD~<qoM#@DU;2NqMl#KHG=aG<
zlstbQ!=L3_*zfWUB4Azl;UC^U_=ipUTLJceR&1}OPFG!uIHDx_5(d@id`m^m8`8nN
z5*R)c^mU{)^4rUgR}M`1|63jYN9o-@(w?qi)D$ah)EFZ$0uw}zK`<<_CwAi){!ua_
z+w$!P-Cvw-O;ix)`W)<KRag(dy%zi|@GD5N#`pLkwv!)>s{CHNTXsPF1t4vdQqZFg
zW~RSG&UC&8;DBJ%K8EC8lwzCXw~CNGX(_-wFW($52Wo=W1qPdxT}+*v>;Eh$weknc
z2$J*y64C`v6tu^K7Dr&>1rf}_<<~Y-mp9EM{<6QM(+!rG>Jqe*E;mA+v^$a0iyiOG
z(mzAPXFv}TFK0**$rgsZCqm>4lJ&9x+I2TK(1_A6a|=O-;EDQ)M9y%cAWqaoxdlnH
z`I|rV%hdf;OXt@VCmL{&{1Ssgdnwz=Yz_N<rxgzRzakum9tg*3{}7H%0;^IKBdP$Y
ztb(pZb%u8SdE<&t568cE-<nK~vw3!DJ%GuJ78zBfWwu!X$VQBr)Ox#yfYC4^ZZ^9j
z1f%8uljX>KqbM@{hCDT&JQm-3pTKIesLzIU54%Z$B*2c%3Ya#(E)GEwWQ_1ak^C5&
zAkRP5;+$;2OhOAOARy=ISUc7l`(r6*bw$(o-c3@()Yst}#b?Nfn)TSQFhcgJFkmZ@
zSCJZ0eNM$O*muP<O&s8g;><2y2(D;-_`Sezh)4OgvvHg`Aqc1_a%Ged_m^0ViCOH_
zwGCDzo;~}<WiGdFv;dmX{z!yrR;YRA5lWNpNkk#O&mqiq&OXWY1X`P^kK=_x-{Hj<
zFbGMd>{KBE>!JB?r33o;vP@^PFp!$7SzExAXc)WvI`Ci2?J|Fx+r#CIzWN+FNMZ3_
z`|3+r4G`IBz)er3osgn9eKDogzXH@rAY^k{g-p)%49lY=nP?{h<p|{3En0WYfqt;p
zDbpf6jQ;TE(4XQkIy~lI#9`A@I}EKUoVpQqj?Ftcdp>GVlb1`=7zpwj8APS0wcvG$
z5?jdQKgu$RT2uf6Y*tyBddgWgBH2yGxUu2l`iA!KULs;&JL$9O=Cr02&Wbo4OLU=&
zL{JZIcG3#m-lFOSf_diCE-)2lY&N5l^2kJsiZQ(^<0#=L$V4IU*p0!^2YQ|}PbaKz
zf@Ta8Bqivac95{R`hJ@EL^2Iq&}PHH6-v@|14s2#+@;HxWgq4&sM?5U^7F=VgM+##
z8jSD4_-m;5ryAOIKUQKVx85zj3W4o0Yy1tc94CGLfl)<y_A-1qc1Gk0k|`82w)_TZ
zdyMej1)t3gbe=E?!T6en*~e>VjlMLh%8$8$CBv#GkFC=}YPC`D9S-$X?v4189E-#S
zj&{bM5r0~@i!^1_n9V%KUuurBxbqbc`^1o?aXfj!tns$)mjzz+n5Wy{x^MRnkHzSU
zU6W!+S+0f|?z-{O<h#)ZZsuD}wq8`&qaAS`&g=<hkvm5_d`+~97z-(nFh(?Po)%Tu
zVoW;y6K153Zk}mCX45azw?+rX{sAdxgt*cN5?h1A{dwGz!!XA_ySd?W3QdHA9mH05
zb*x<vPjPc}OJ0HpMs1}`P|^PGp*GgQ;W(zx?c(4(9{%yZM?U=l)gdnzP<;og5n7X-
zQQ4A5O`*xR`)E`A%nfQSc|_RV$7FDog>uI+3R5tmV<A4{PFxrXhBC^iXXCsQHE+f4
z%GTXOGAOB67mkGQvT1V|4eyNYOzPOECRY|J;m%R&cgCd(@KN9o8{r|cZi?+qRii|S
zmF?@7JfvePxYd}|MzQ`A%Je87_s*8hRs?dk<@^^_m*r1Y_e<!3s%!B})s+xd8?Jly
z<vA;XE9-F~+z4TWEG|mdCeZoP;=#xmOsb1$B$FQAiC9t-_@KwN{nJk6_5-o))~gZP
z=3x$1CB%ta==oPs@bzWMYnx6yF>kl}Sy$cM*z}fz$}f*OqOuUQZ$F(J5boNER!;x4
z4WHNpU}@CY2P51fX3^2+OHy*CZ}Q6<1Fp&}!c|i&2MD;Rz#-w`Yqi2%dQ=s0Z4n(?
z9M2=cte!myHucrXfK^w(Qv)C|z19eZ{b@uyK3KT15-NXV%V?rrY5VbW=9;><BB2RZ
zZntReQ;Hb?r`^FU0>WzLL+-?hE3whjLRXTxl+Sw{b(^u-c-6W_REl$7_{<@)d_7P}
zBEhw1ta)uts`P<d4_MSME~KIM%&poYn-42qchh>pis(3Rj`g66qxMi_h$&v<6&i$y
z?1Y&{y$gS&L<K!s5mNka@u!S?%Q)aq8F%5|$+-S_p$`%O1M!G|DZNnGeAbiUy>(MU
zwGiKsq>%ad1SZAs5^yp}F1=M&m*qLEDsi4P(#%T$qPk;PTYsi!D2BTwCb&sifEC{|
z;@|k;mEE2Q9Ol|%&?0Oym~z4XkZ1a4PS75$|46%^H}rHla3LRY1<$=mq<cilzc7XB
zL~+`!Cc)CX+>NAS2^fLj%g_J<r#i?dfEi%bWBxjPmh?48XSKblMD-fg$gbV<?fuWN
zV2^E&xU5PGLCBc}6J>3O0~xFpd{lmqMtPYSP7;&22whN>93kd+bY!1OcBNFrQ+2wi
zXvRCROwrXF$H^>RI0YeaL8>xt@UCORivPKiYuW=!uIt}QZsM)Z|ACTgbD-oNJ7Pn-
z6uU?if~tEai-yDpduge!PjRfO>a`jjX3bZF*@)#N0=UGtmP66>Et0rBX=@J2U<cXJ
z))(yXBrg0W_lCT`kfn8aTG=sXf}A-J-}wkJ$#=$x4-<&<@?V8qUR^}U{qnzsT&NHK
zeb$mN5(xz%uG>h~4o%Rz=#w&i9<^-g+8~o2V-7o*=BS`<`w-~Qt^X*h5Zt;}$L)8w
z0_~PsN9=}&&o-P^7h`&TDjjK4{z|awVXk5wY2^OvXGp?d2uwO;MDH#iWH~{u)A#OP
zBo%DXZ8r1!O`;($taULkd(}|cTrj2+g>-nk`NA%LHl?UrwH~&;1?IU5>)(%_FuC+$
zypdB~{(unzvq=VcWDe*?fZL3Im67AVP7+Ufb&I$mA*u9Ysy!<S(DI&0xl;wT#|2{;
z(`66F9r+g$-w$j6d2$D{A)rTK1jM2dppP$ehjbxL=D@&%qybtULz)f;cwZZMf)H}|
zuQD*{+UQ?ppfO}X+3WwV1VaGNs55tEB|&NjARweNH_pXzTEYB4GI}xo0~`aeLNa9a
z7EVVhifW)0nGh)NAb-RuQ#+p>DZA}m)~0@R)cEfi?;?g5D)tGDMdRewLKB>~FN8u_
zLsvJ`sIFQ6-D*La0t3WK0?MzLoC8mg?m06sjTmjOj2lh0z8Qh~)}F2<<<B~iC_^<t
zO1t=DA}ow`2a!ByUkG{ZF4q~gCS9_pTOEMwBEV%N%}U))8!4R^F6Vt0jTB;@x<yuj
zWBGj#8016f1GCL#zQJ7V023z9wI5rI2>lLb2&M>cWS+vNGG4ypbQ@xQin;p>Xb8CP
zzn<<4{jk_P%guzSpSZU%?I>uncU-jTFV49;Qq^XnbK$S68_tPDCYD07j)201&F=4_
z(G$`Ujs6HbD-hFc!J`%fC@MGcjaLdH#Y&0s6l6otrxS2#Q3}L+uf|MtR;}JvGHBVn
zkGnx4e2#zd<<G}Pl&q8|_I*5!(4tn|#{)Xt*NWsuK1W%)b!N0Er8#N#<T>fa@EcW`
z6JIV``s|L|qo^A6#41Je{dHjAnF%}8$~w6T6`?t}W|)^$zPjC!(Q08o)R-7wD;7(5
zBGOq%joJIngtvW<bv`{-RWP+Zl8dK$D3Ug*lOHP!P#MF!b?BHw$dqE4ygcQR*j8jB
zsNZ9cZ{Ket4QgO&Y*o%A@?g>`PNpiy>o7cE(A0OjUD^pzgC$E#aI^3E2dD99sGjb9
zINue)X*HO~Mn<>h(p_xsFumqR`V|Kx>AlPRV0zkm^_`vAoPPXcPrg!@+MN`no@{S~
za&nk=2g*qX+*^~X__c#-@@+86dGIrSBG^M@Q2|!Lmn|kR5K}ot`ZXSHfod!2p>Y<(
z><h@iCjlX|)UY#dNA3OQOrxAPv+KT(pV4I2Kw5B1RDFbDDBH1o^3HD(oAapS{-Lxd
zt_9P1_Fi0%bb~Y^f}$ZX!sLxNR6mW{lvQ8q?6VEfhAhPhe1BJ;-m0rX)x}XQ7pk*M
zSFV4-^89sAyCuth@$i}F-r+djh+z%<GUIsH08C!5qadM?niI>}VTD&YrcAsqYCA}u
z<~c|y73RX9`9jXSmqLPB!!is`F-sYsKlUgEt0`TeIAsk9qTCT|#vOl;ai#u6vsXL}
z<?^)&_qQK2AOT9%Va|7TXI7)CKf8jw>yzF`sn0=lPkJ0C5~4VB$is<zJPpvR^Wj_K
ziU9jQ2wKM|x^zw&KGD_bY{JK5^vFSX=h$P+1FM)&+d?vqcjrsijj$o{Bd^|E87oJ+
zv>waj(YZ`tF{%{ANGn&5B3oDKVXubF?$le0`NN4EHr!#{t)fQDqC*Lttbr{vD~op`
zvp5X@x_rWF3WqNeUt%OCxZ$QiMzrSo;rQVlgkce}?xmJI56-y)<wTji0)oef;!KD_
zv_i<g^`tR638@`oh}E_QKlVFjv2(I--(FO_qLX^(UfBJB9+ZXjR>iT5ps|NjVTYA$
zF}DM&+TJycu79$|hKTVL)`2}7?z&^k>!vT)i=sG}V$<w1b;=}E`tqF(l^NBOWmnUz
z1mA1w;H{kkEuxS{NoQjo(G225Y{jh;UuFMTxz;er&xXgPousjv+7xG;dG8UOA6-n|
z`p=+PiW}YPm=+Hs9rs_4c5vlb(CEM9%+UVA+wX;)H){J?zufE@n+Dv1C-r-Cm(h9-
z<En!|i0InTP_|5tlR#`bg`0q^EuXh?v%#y$Fo&5uUnZQ^LP$bV&1JP|I*kpl{UWbU
zX|ai}gNmiU+}S{_Vmq~Ix0S0+fwOFhto&JwzxY;I;j*q%)23=4Q*B5#mb&3d+ocnX
zCybZqDRP1L3db1i{3w0q+|-SBZ)@r^NM1{eC7xKsq}gViW;v_)?gAyCd6TcBSW_mh
zu^vf3t$v-xOr(1-q|ZV{>TGClb|mXki8StzPy@33AU2HFmtch+PD~XImD$j;!VQ6s
zY^l?_Z;W5@671?25)9p~)t#i%!#EpXZyS{Qwv-Z#N@Yd<^i7gRp-mwKAV5Zi6%YK0
z!3<Fvqq2ER6Km5vn7VI97EBw3t0&Se43Mcbu)A<7`@KNJnGIuZWqQ2qcyEG<Hk?yA
ze&-sJ-8<@-I!<+@cW%gOb0BxRZARF#x@^;Hh{Ah9iJ;rlwn91!*O2|7ZvT?wtp}eW
zV0=gJIjz7&8lbfH?(H&>rk|!p_n>yTmY!srG*kqQNxt>iTQ9}L(!M+yPAp*<&0~0{
zy?-n1)ijf7=ieV+0YR!+_OK{uw`ZrbBXPpd_6S_QA9voEmTk-<*m#~MPU+lFJoC|$
z`aA{UmfPU27@s!^=ir?x=iF~EpYcjzHWZhgWJ1@F!y9}5=9w3iN20(bZ;c_~l3Aa6
zWm<)7UYNvSyIsU~TCp!FoihHd2JY##2A`-W0Z-m@D<(y~NnrIp=M?!DHJii|==09g
z#8m0>I>fyB2LcO@y|8pY@7s`vM&^z5zgAkLV&Yd5lYG{$_Sc<rh{`Yj?Vk^=|KQh1
z=>%m{8*@inzTfIU-jVr?926{7_eaPsyryUl`o|0Y_8K5BhlpNc9^I)t>b8!su>LO4
z{{I{E`M-q7RmX@eRcV4G^qB<-6m&BgDO+aj%LCf=KrA(FrdN_Ase5M3uGj>_TGTO9
zO^TP#m(~>>-?9NxA0$vrTS!&zXpEwIJ`7WD7y6DjJE+xLrN5H*xLf^;T_bCH56DFp
zbS9UaY`Luk)ZSMhf4zp>6xXzG4xCW}7G;JH`Rfa~#ZuL1Zf(}KLDbhy5OT)>#*l6v
zd8DH(w*YoJ`!M`5{WS6z{GWTdsKM8qWOPEDi23IohK}o>@8*21XM2d<AIXWb+r8i4
zoW2K>al1}I?&pHHm}ehF;xULjA||}%aXO$2*C$yu@~WYF*`%*(0=G0}K0EWgEh-C0
z1K`IFs`6iL8SE$Y8N~Fw1TNZ_&3z}wApjLlPKpY0{K&@%jzT~I4rh9@fFW(2V>^oU
zDpvhxA`XZ9cqH51{i$hxI;tt_WBzsBlJja?U;(cN(2x$9Zk7YrMGIWLotd~Jy)X|>
z0%ph^oHS9LkX`%R88;A}S@lfC=KiZ84t&iUGCXR`;$pexw%vWWGR(wcBOES_^0OJB
zLwx-F=4~l$(+$yl6rcJZDs64Ipc#2V<3eox0Cf6`1rK|DkK`KhCS)X<jCVFD2KVX*
zOlP(s6QkSIo8m@Q^bUsKb>(Nw<E2gD6iF&}I<l)krLG3E=7(7*rVenIUmrL!^3WW5
zVRf{i0xi>do}Z`5*{;9e&SN~p4pO<QcH^~s+fD{neYpLx3Kou&Fw*{}MEtN97$KL}
z5fiieGPss%jC`=*{1srQYL`JGXpdqEaBJeUf)A7n{eA2aR~oXPLChMj6Ki~Qo)_?f
z+W_Hee%)#cJ&-|FT|ZBFZ~l^(P7%%7GMUfwvP6*J@#HKl7g0rySCf%@-VW5h+9z+U
z+{%$uTzHC~D{m&;BomB(ptR;ZY#V#c=yL(LpKAcwX-dO5P6hSJU-!Mw%(d$o!rcX*
zdN-MMixP2{#d2K@k%%R*4^zGKRNWU~C;O5$7rRd!iM&$|Na-=0?H|B=g1Yh4j8|^E
z1-Ff=OG+?@Zn922Ax2v!Gw7mKcg_sr)cD7zc=LAUN4989)$Ck>r>_h-N6`X>B(K|a
zLGO_X$(89DJFDd=Uf0nR?|AgV_VM~D`<22SPP@9qasnZydoglJnQ|i#t4s_$q?7XH
zHX)K(IuO{+$JCMgvl;O_|GGb=J<|d-u;pla3zFT<{%znWR`1f+*@>tD1mpMC_=cRO
z@Ffc+O;!?WyfySr8kz)g{0pB=5_wEszb1T;E#Tr0cGm?Fsw3f{NSmd+dE?hWdjxtz
zl5!_a>EqKed5+IjW@j?~%{SXLazM1~L`e4FNi5S72>-9w52*4!HF?YO^a|7ibc8#i
zj#sHtiX3l)p9p2ynQ>qW+-ExS-6UF{ChqtT)@kPoto~LVdbe(?;^ehZ#sRQX&)Qb(
ziS)x>6((jPk=-sZNqY2=%gl+UP!~!{kar+Pd2}};U>V6t&dL@%un_&@`Sb20rQe_)
zQYWy$1-bE-`~5=jJ05nD^#e}}lJbt>B>muSY#tPNdG8xi!64fSq3=F3@I1Vid=rh_
zCeM-oADov|A{tc$SKsh|`sF%taTuKYLtAcm1TUeFK}~y$?zrwVKjUu#5h)K2t{=V2
z$VY>C?xjJOQ0oz<s1sWcqx;()jcD2b`7A~NyZ@?Gl1Qp59Mh1X_RZV)#3F~_kK$Do
Kxva}~ef|&cS`zgD

diff --git a/docs/obs/perms-cfg/en-us_image_0000001335934590.png b/docs/obs/perms-cfg/en-us_image_0000001664558420.png
similarity index 100%
rename from docs/obs/perms-cfg/en-us_image_0000001335934590.png
rename to docs/obs/perms-cfg/en-us_image_0000001664558420.png
diff --git a/docs/obs/perms-cfg/obs_40_0001.html b/docs/obs/perms-cfg/obs_40_0001.html
index 306635ff..54c0c78c 100644
--- a/docs/obs/perms-cfg/obs_40_0001.html
+++ b/docs/obs/perms-cfg/obs_40_0001.html
@@ -1,11 +1,11 @@
 <a name="obs_40_0001"></a><a name="obs_40_0001"></a>
 
-<h1 class="topictitle1">Introduction to OBS Access Control</h1>
-<div id="body39451090"><p id="obs_40_0001__p92541859144911">By default, OBS resources (buckets and objects) are private. Only resource owners can access their OBS resources. Without authorization, other users cannot access OBS. OBS permission control refers to granting permissions to other accounts or IAM users by editing access policies. For example, if you have a bucket, you can authorize another IAM user to upload objects to your bucket. You can also open buckets to non-public cloud users, so that anyone can access your buckets as public resources over the Internet. OBS offers different methods to help resource owners grant resource permissions to others as required, keeping data secure.</p>
-<div class="section" id="obs_40_0001__section994612812917"><h4 class="sectiontitle">OBS Permission Control Model</h4><p id="obs_40_0001__p23852817154">OBS provides multiple permission control mechanisms, including IAM permissions, bucket policies, object ACLs, and bucket ACLs. <a href="#obs_40_0001__table16110824101113">Table 1</a> describes the mechanisms and application scenarios.</p>
-<div class="fignone" id="obs_40_0001__fig86382060556"><span class="figcap"><b>Figure 1 </b>OBS permission control mechanisms</span><br><span><img id="obs_40_0001__image19638268557" src="en-us_image_0257815079.png"></span></div>
+<h1 class="topictitle1">Differences Between OBS Permissions Control Methods</h1>
+<div id="body39451090"><p id="obs_40_0001__p92541859144911">By default, OBS resources (buckets and objects) are private. Only resource owners can access their OBS resources. Other users cannot access such resources without authorization. OBS permission control helps you control access from other accounts or IAM users. For example, you can authorize another IAM user to upload objects to your bucket. You can also grant permissions to non-public cloud users, so that they can access your bucket over the Internet. OBS provides different methods for resource owners to grant permissions to others as needed.</p>
+<div class="section" id="obs_40_0001__section994612812917"><h4 class="sectiontitle">OBS Permission Control Methods</h4><p id="obs_40_0001__p23852817154">OBS provides multiple permission control methods, including IAM permissions, bucket policies, object ACLs, and bucket ACLs. <a href="#obs_40_0001__table16110824101113">Table 1</a> describes the methods and their application scenarios.</p>
+<div class="fignone" id="obs_40_0001__fig86382060556"><span class="figcap"><b>Figure 1 </b>OBS permission control methods</span><br><span><img id="obs_40_0001__image19638268557" src="en-us_image_0257815079.png"></span></div>
 
-<div class="tablenoborder"><a name="obs_40_0001__table16110824101113"></a><a name="table16110824101113"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0001__table16110824101113" frame="border" border="1" rules="all"><caption><b>Table 1 </b>OBS permission control mechanisms and application scenarios</caption><thead align="left"><tr id="obs_40_0001__row191137249118"><th align="left" class="cellrowborder" valign="top" width="15%" id="mcps1.3.2.4.2.4.1.1"><p id="obs_40_0001__p101139244117">Method</p>
+<div class="tablenoborder"><a name="obs_40_0001__table16110824101113"></a><a name="table16110824101113"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0001__table16110824101113" frame="border" border="1" rules="all"><caption><b>Table 1 </b>OBS permission control methods and application scenarios</caption><thead align="left"><tr id="obs_40_0001__row191137249118"><th align="left" class="cellrowborder" valign="top" width="15%" id="mcps1.3.2.4.2.4.1.1"><p id="obs_40_0001__p101139244117">Method</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="40%" id="mcps1.3.2.4.2.4.1.2"><p id="obs_40_0001__p13113224171114">Description</p>
 </th>
@@ -15,7 +15,7 @@
 </thead>
 <tbody><tr id="obs_40_0001__row31131324201112"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.2.4.2.4.1.1 "><p id="obs_40_0001__p411392481118">IAM permissions</p>
 </td>
-<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.4.1.2 "><p id="obs_40_0001__p15113152418112">IAM permissions define the actions that can be performed on your cloud resources. In other words, IAM permissions specify what actions are allowed or denied. After an IAM user is created, the administrator needs to add the user to a group. IAM can grant the user group required OBS access permissions, and then all users in the group automatically inherit the permissions of the user group.</p>
+<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.4.1.2 "><p id="obs_40_0001__p15113152418112">IAM permissions define the actions that can be performed on your cloud resources. In other words, IAM permissions specify what actions are allowed or denied. After an IAM user is created, the administrator needs to add the user to a group. IAM can grant the user group required permissions so that all users in the group automatically inherit the permissions of the user group.</p>
 </td>
 <td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.2.4.2.4.1.3 "><ul id="obs_40_0001__ul319124042416"><li id="obs_40_0001__li659151842013">Controlling access to all OBS buckets under an account</li><li id="obs_40_0001__li6730112282013">Controlling access to all OBS objects under an account</li><li id="obs_40_0001__li859111882010">Controlling access to specified OBS resources under an account</li></ul>
 </td>
@@ -24,101 +24,101 @@
 </td>
 <td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.4.1.2 "><p id="obs_40_0001__p1931312295148">A bucket policy is attached to a bucket and objects in the bucket. Bucket owners can use bucket policies to grant IAM users or other accounts the permissions to operate buckets and objects in the buckets. ACLs of buckets and objects supplement bucket policies, and in many cases, bucket policies replace ACLs.</p>
 </td>
-<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.2.4.2.4.1.3 "><ul id="obs_40_0001__ul1231302991411"><li id="obs_40_0001__li53131829181412">Granting other accounts the permissions to access OBS resources</li><li id="obs_40_0001__li931310297146">Configuring bucket policies to grant IAM users various access permissions to different buckets</li></ul>
+<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.2.4.2.4.1.3 "><ul id="obs_40_0001__ul1231302991411"><li id="obs_40_0001__li53131829181412">Granting other accounts the permissions to access buckets</li><li id="obs_40_0001__li931310297146">Granting IAM users the permissions to access buckets</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0001__row15966232171415"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.2.4.2.4.1.1 "><p id="obs_40_0001__p1699324454219">Object ACLs</p>
 </td>
-<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.4.1.2 "><p id="obs_40_0001__p715844613142">Controls access to objects for accounts or user groups. Object owners can configure the object access control list (ACL) to grant basic read and write permissions to specified accounts or user groups.</p>
-<div class="note" id="obs_40_0001__note1415854615143"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_40_0001__ul1515874671418"><li id="obs_40_0001__li2015824612145">By default, an object ACL is created upon the creation of the object. The object owner has full control over the object.</li><li id="obs_40_0001__li2015854619149">An object owner is the account that uploads the object, but may not be the owner of the bucket that stores the object. For example, account <strong id="obs_40_0001__b122201620448">B</strong> is granted the permission to access a bucket of account <strong id="obs_40_0001__b3225120742">A</strong>, and account <strong id="obs_40_0001__b9225020948">B</strong> uploads a file to the bucket. In that case, instead of the bucket owner account <strong id="obs_40_0001__b7226720144">A</strong>, account <strong id="obs_40_0001__b22261220349">B</strong> is the owner of the object. By default, account A is not allowed to access this object and cannot read or modify the object ACL.</li></ul>
+<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.4.1.2 "><p id="obs_40_0001__p715844613142">Object owners can configure object access control lists (ACLs) to grant read and write permissions to specified accounts or user groups.</p>
+<div class="note" id="obs_40_0001__note1415854615143"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_40_0001__ul1515874671418"><li id="obs_40_0001__li2015824612145">By default, an object ACL is created when the object is uploaded, granting the object owner the full control over the object.</li><li id="obs_40_0001__li2015854619149">An object owner is the account that uploads the object and is not necessarily the owner of the bucket that stores the object. For example, account <strong id="obs_40_0001__b122201620448">B</strong> is granted the permission to access a bucket of account <strong id="obs_40_0001__b3225120742">A</strong>, and account <strong id="obs_40_0001__b9225020948">B</strong> uploads a file to the bucket. In that case, account <strong id="obs_40_0001__b22261220349">B</strong> is the owner of the object. By default, account A is not allowed to access this object and cannot read or modify the object ACL.</li></ul>
 </div></div>
 </td>
-<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.2.4.2.4.1.3 "><ul id="obs_40_0001__ul6158184661418"><li id="obs_40_0001__li171581146201417">If object-level access control is required, a bucket policy can be used to grant the access permission to an object or a set of objects. After the access permission is granted to an object set, it is not practical to configure a bucket policy to grant the access permission to an object in the object set separately. Then the object ACL is recommended for easier access control over single objects.</li><li id="obs_40_0001__li13158646141418">An object is accessed through a URL. Generally, if you want to grant anonymous users the permission to read an object through a URL, use the object ACL.</li></ul>
+<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.2.4.2.4.1.3 "><ul id="obs_40_0001__ul6158184661418"><li id="obs_40_0001__li171581146201417">If object-level access control is required, you can configure a bucket policy to grant the permissions to an object or a set of objects. If you have configured the permissions for a set of objects, it is not practical to configure a bucket policy to control access to each object separately. Instead, you can configure the object ACL to control access to each object.</li><li id="obs_40_0001__li13158646141418">An object can be accessed through a URL. If you want to grant anonymous users the permission to read an object through a URL, you can configure an object ACL.</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0001__row183426374143"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.2.4.2.4.1.1 "><p id="obs_40_0001__p8810165361119">Bucket ACLs</p>
 </td>
-<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.4.1.2 "><p id="obs_40_0001__p31587467141">Controls access to buckets for accounts or user groups. Bucket owners can configure the bucket ACL to grant basic read and write permissions to specified accounts or user groups.</p>
-<div class="note" id="obs_40_0001__note1715884618143"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_40_0001__ul4158144681420"><li id="obs_40_0001__li7158184611416">By default, a bucket ACL is created upon the creation of the bucket. The bucket owner has full control over the bucket.</li><li id="obs_40_0001__li2015824671415">Bucket ACLs do not provide fine-grained permission control. Generally, IAM permissions and bucket policies are recommended.</li></ul>
+<td class="cellrowborder" valign="top" width="40%" headers="mcps1.3.2.4.2.4.1.2 "><p id="obs_40_0001__p31587467141">Bucket owners can configure bucket ACLs to grant read and write permissions to specified accounts or user groups.</p>
+<div class="note" id="obs_40_0001__note1715884618143"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="obs_40_0001__ul4158144681420"><li id="obs_40_0001__li7158184611416">By default, a bucket ACL is created when the bucket is created, granting the bucket owner the full control over the bucket.</li><li id="obs_40_0001__li2015824671415">Bucket ACLs do not provide fine-grained permission control. Generally, IAM permissions and bucket policies are recommended.</li></ul>
 </div></div>
 </td>
-<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.2.4.2.4.1.3 "><ul id="obs_40_0001__ul1215818466148"><li id="obs_40_0001__li20158164614147">Granting an account the read and write access to a bucket, so that data in the bucket can be shared or external buckets can be added. For example, after account <strong id="obs_40_0001__b369114073213">A</strong> grants account <strong id="obs_40_0001__b46911203327">B</strong> the read and write access to a bucket, account <strong id="obs_40_0001__b669218013213">B</strong> can access the bucket by adding an external bucket through OBS Browser+ or using APIs and SDKs.</li><li id="obs_40_0001__li17158746131416">Grant the log delivery user group with the write access to the target bucket, so that access logs can be delivered to the target bucket.</li></ul>
+<td class="cellrowborder" valign="top" width="45%" headers="mcps1.3.2.4.2.4.1.3 "><ul id="obs_40_0001__ul1215818466148"><li id="obs_40_0001__li20158164614147">Granting an account the read and write permissions to a bucket for sharing data in the bucket or adding external buckets. For example, after account <strong id="obs_40_0001__b369114073213">A</strong> grants account <strong id="obs_40_0001__b46911203327">B</strong> the read and write permissions to a bucket, account <strong id="obs_40_0001__b669218013213">B</strong> can access the bucket by adding an external bucket through OBS Browser+ or using APIs and SDKs.</li><li id="obs_40_0001__li17158746131416">Granting the log delivery user write permissions to the bucket that stores access logs.</li></ul>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
-<div class="section" id="obs_40_0001__section1360784432715"><h4 class="sectiontitle">Relationship Between OBS Permissions and IAM Permissions</h4><p id="obs_40_0001__p01421253102710">OBS provides multiple permission control mechanisms, including time-limited access to objects, object ACLs, bucket ACLs, and bucket policies. Some service-level permissions (for example, creating a bucket and listing all buckets) cannot be configured through OBS and can only be configured on IAM. OBS permissions apply only to resources (buckets and objects). To grant both OBS service-level and resource-level permissions, you must use IAM permissions or both IAM and OBS permissions.</p>
-<div class="fignone" id="obs_40_0001__fig95331179511"><span class="figcap"><b>Figure 2 </b>Relationship between OBS permissions and IAM permissions</span><br><span><img id="obs_40_0001__image1253312172517" src="en-us_image_0257817646.png"></span></div>
+<div class="section" id="obs_40_0001__section1360784432715"><h4 class="sectiontitle">Relationships Between OBS Permissions and IAM Permissions</h4><p id="obs_40_0001__p01421253102710">OBS provides multiple permission control methods, including time-limited access to objects, object ACLs, bucket ACLs, and bucket policies. Some service-level permissions (for example, creating a bucket and listing all buckets) cannot be configured through OBS and can only be configured on IAM. OBS permissions apply only to resources (buckets and objects). To grant both OBS service-level and resource-level permissions, you must use IAM permissions or both IAM and OBS permissions.</p>
+<div class="fignone" id="obs_40_0001__fig95331179511"><span class="figcap"><b>Figure 2 </b>Relationships between OBS permissions and IAM permissions</span><br><span><img id="obs_40_0001__image1253312172517" src="en-us_image_0257817646.png"></span></div>
 </div>
-<div class="section" id="obs_40_0001__section753694015118"><h4 class="sectiontitle">OBS Permission Control Elements</h4><p id="obs_40_0001__p4739113825">The following factors determine the authorization result:</p>
-<ul id="obs_40_0001__ul1383016201242"><li id="obs_40_0001__li188304204419"><strong id="obs_40_0001__b638919453413">Principal (authorized user)</strong></li><li id="obs_40_0001__li1529014411647"><strong id="obs_40_0001__b1622911101259">Effect</strong></li><li id="obs_40_0001__li1816418241945"><strong id="obs_40_0001__b14307713195516">Resource</strong></li><li id="obs_40_0001__li72566261841"><strong id="obs_40_0001__b016518815611">Action</strong></li><li id="obs_40_0001__li1179328148"><strong id="obs_40_0001__b19431486133114">Condition</strong></li></ul>
-<p id="obs_40_0001__p1378311151433">For details about elements, see <a href="obs_40_0041.html">Bucket Policy Parameters</a>.</p>
-<p id="obs_40_0001__p15693142162310"><a href="#obs_40_0001__table260016521874">Table 2</a> describes elements in different permission control mechanisms.</p>
+<div class="section" id="obs_40_0001__section753694015118"><h4 class="sectiontitle">OBS Permission Control Elements</h4><p id="obs_40_0001__p4739113825">Authorization is determined by:</p>
+<ul id="obs_40_0001__ul1383016201242"><li id="obs_40_0001__li188304204419"><strong id="obs_40_0001__b638919453413">Principal (authorized user)</strong></li><li id="obs_40_0001__li1529014411647"><strong id="obs_40_0001__b14921058314">Effect</strong><strong id="obs_40_0001__b1949213581813"></strong></li><li id="obs_40_0001__li1816418241945"><strong id="obs_40_0001__b14307713195516">Resource</strong></li><li id="obs_40_0001__li72566261841"><strong id="obs_40_0001__b016518815611">Action</strong></li><li id="obs_40_0001__li1179328148"><strong id="obs_40_0001__b19431486133114">Condition</strong></li></ul>
+<p id="obs_40_0001__p1378311151433">For details about these elements, see <a href="obs_40_0041.html">Bucket Policy Parameters</a>.</p>
+<p id="obs_40_0001__p15693142162310"><a href="#obs_40_0001__table260016521874">Table 2</a> describes the elements in different permission control methods.</p>
 
-<div class="tablenoborder"><a name="obs_40_0001__table260016521874"></a><a name="table260016521874"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0001__table260016521874" frame="border" border="1" rules="all"><caption><b>Table 2 </b>OBS permission control elements in different permission control mechanisms</caption><thead align="left"><tr id="obs_40_0001__row460117526717"><th align="left" class="cellrowborder" valign="top" width="12.3%" id="mcps1.3.4.6.2.7.1.1"><p id="obs_40_0001__p1360195211716">Method</p>
+<div class="tablenoborder"><a name="obs_40_0001__table260016521874"></a><a name="table260016521874"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0001__table260016521874" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Elements in different OBS permission control methods</caption><thead align="left"><tr id="obs_40_0001__row460117526717"><th align="left" class="cellrowborder" valign="top" width="12.3%" id="mcps1.3.4.6.2.7.1.1"><p id="obs_40_0001__p1360195211716">Method</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="15.72%" id="mcps1.3.4.6.2.7.1.2"><p id="obs_40_0001__p14601195211713">Principal</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="10.24%" id="mcps1.3.4.6.2.7.1.3"><p id="obs_40_0001__p1853863251513">Supported Effect</p>
+<th align="left" class="cellrowborder" valign="top" width="10.24%" id="mcps1.3.4.6.2.7.1.3"><p id="obs_40_0001__p1853863251513">Effect</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="14.549999999999999%" id="mcps1.3.4.6.2.7.1.4"><p id="obs_40_0001__p96010521720">Authorized Resource</p>
+<th align="left" class="cellrowborder" valign="top" width="14.549999999999999%" id="mcps1.3.4.6.2.7.1.4"><p id="obs_40_0001__p96010521720">Resource</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="34.5%" id="mcps1.3.4.6.2.7.1.5"><p id="obs_40_0001__p360112529714">Authorized Action</p>
+<th align="left" class="cellrowborder" valign="top" width="34.5%" id="mcps1.3.4.6.2.7.1.5"><p id="obs_40_0001__p360112529714">Action</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="12.690000000000001%" id="mcps1.3.4.6.2.7.1.6"><p id="obs_40_0001__p16954324101215">Condition Configuration</p>
+<th align="left" class="cellrowborder" valign="top" width="12.690000000000001%" id="mcps1.3.4.6.2.7.1.6"><p id="obs_40_0001__p16954324101215">Condition</p>
 </th>
 </tr>
 </thead>
 <tbody><tr id="obs_40_0001__row1560119521271"><td class="cellrowborder" valign="top" width="12.3%" headers="mcps1.3.4.6.2.7.1.1 "><p id="obs_40_0001__p261612618166">IAM Permissions</p>
 </td>
-<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><p id="obs_40_0001__p1060213527710">IAM user</p>
+<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><p id="obs_40_0001__p1060213527710">IAM users</p>
 </td>
 <td class="cellrowborder" valign="top" width="10.24%" headers="mcps1.3.4.6.2.7.1.3 "><ul id="obs_40_0001__ul2467105913177"><li id="obs_40_0001__li104671259161715">Allow</li><li id="obs_40_0001__li6774141021812">Deny</li></ul>
 </td>
 <td class="cellrowborder" valign="top" width="14.549999999999999%" headers="mcps1.3.4.6.2.7.1.4 "><p id="obs_40_0001__p760214521877">All or specified OBS resources</p>
 </td>
-<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><p id="obs_40_0001__p1760210521672">All permissions to access OBS</p>
+<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><p id="obs_40_0001__p1760210521672">Access OBS</p>
 </td>
 <td class="cellrowborder" valign="top" width="12.690000000000001%" headers="mcps1.3.4.6.2.7.1.6 "><p id="obs_40_0001__p1095411243121">Supported</p>
 </td>
 </tr>
-<tr id="obs_40_0001__row41341345164810"><td class="cellrowborder" valign="top" width="12.3%" headers="mcps1.3.4.6.2.7.1.1 "><p id="obs_40_0001__p20968144554813">Bucket Policy</p>
+<tr id="obs_40_0001__row41341345164810"><td class="cellrowborder" valign="top" width="12.3%" headers="mcps1.3.4.6.2.7.1.1 "><p id="obs_40_0001__p20968144554813">Bucket Policies</p>
 </td>
-<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><ul id="obs_40_0001__ul20968945154814"><li id="obs_40_0001__li59682453482">Account</li><li id="obs_40_0001__li139681645104817">IAM user</li><li id="obs_40_0001__li14968164544816">Anonymous users</li></ul>
+<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><ul id="obs_40_0001__ul20968945154814"><li id="obs_40_0001__li59682453482">Accounts</li><li id="obs_40_0001__li139681645104817">IAM users</li><li id="obs_40_0001__li14968164544816">Anonymous users</li></ul>
 </td>
 <td class="cellrowborder" valign="top" width="10.24%" headers="mcps1.3.4.6.2.7.1.3 "><ul id="obs_40_0001__ul1896834584813"><li id="obs_40_0001__li149681045144817">Allow</li><li id="obs_40_0001__li1996817451486">Deny</li></ul>
 </td>
 <td class="cellrowborder" valign="top" width="14.549999999999999%" headers="mcps1.3.4.6.2.7.1.4 "><p id="obs_40_0001__p19681345124816">Specified bucket and resources in the bucket</p>
 </td>
-<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><p id="obs_40_0001__p29681145104814">All permissions to access OBS</p>
+<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><p id="obs_40_0001__p29681145104814">Access OBS</p>
 </td>
 <td class="cellrowborder" valign="top" width="12.690000000000001%" headers="mcps1.3.4.6.2.7.1.6 "><p id="obs_40_0001__p0968134544816">Supported</p>
 </td>
 </tr>
-<tr id="obs_40_0001__row69571156174816"><td class="cellrowborder" valign="top" width="12.3%" headers="mcps1.3.4.6.2.7.1.1 "><p id="obs_40_0001__p1863011104911">Object ACL</p>
+<tr id="obs_40_0001__row69571156174816"><td class="cellrowborder" valign="top" width="12.3%" headers="mcps1.3.4.6.2.7.1.1 "><p id="obs_40_0001__p1863011104911">Object ACLs</p>
 </td>
-<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><ul id="obs_40_0001__ul166308120499"><li id="obs_40_0001__li463018184914">Account</li><li id="obs_40_0001__li563018110490">Anonymous users</li></ul>
+<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><ul id="obs_40_0001__ul166308120499"><li id="obs_40_0001__li463018184914">Accounts</li><li id="obs_40_0001__li563018110490">Anonymous users</li></ul>
 </td>
 <td class="cellrowborder" valign="top" width="10.24%" headers="mcps1.3.4.6.2.7.1.3 "><p id="obs_40_0001__p363017154915">Allow</p>
 </td>
 <td class="cellrowborder" valign="top" width="14.549999999999999%" headers="mcps1.3.4.6.2.7.1.4 "><p id="obs_40_0001__p163016184919">Specified object</p>
 </td>
-<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><ul id="obs_40_0001__ul6630161154917"><li id="obs_40_0001__li116301814493">Obtains the content and metadata of a specified object.</li><li id="obs_40_0001__li8630151144912">Obtains the content and metadata of an object with a specified version.</li><li id="obs_40_0001__li1463051134918">Obtains information about an object ACL.</li><li id="obs_40_0001__li18630191184918">Obtains information about the ACL for an object of a specified version.</li><li id="obs_40_0001__li063012116490">Configures an object ACL.</li><li id="obs_40_0001__li126304112497">Configures the ACL for an object of a specified version.</li></ul>
+<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><ul id="obs_40_0001__ul6630161154917"><li id="obs_40_0001__li116301814493">Obtain the content and metadata of a specified object.</li><li id="obs_40_0001__li8630151144912">Obtain the content and metadata of an object of a specified version.</li><li id="obs_40_0001__li1463051134918">Obtain information about an object ACL.</li><li id="obs_40_0001__li18630191184918">Obtain information about the ACL for an object of a specified version.</li><li id="obs_40_0001__li063012116490">Configure an ACL for an object.</li><li id="obs_40_0001__li126304112497">Configure an ACL for an object of a specified version.</li></ul>
 </td>
 <td class="cellrowborder" valign="top" width="12.690000000000001%" headers="mcps1.3.4.6.2.7.1.6 "><p id="obs_40_0001__p36301810493">Not supported</p>
 </td>
 </tr>
-<tr id="obs_40_0001__row154505934818"><td class="cellrowborder" valign="top" width="12.3%" headers="mcps1.3.4.6.2.7.1.1 "><p id="obs_40_0001__p16311816490">Bucket ACL</p>
+<tr id="obs_40_0001__row154505934818"><td class="cellrowborder" valign="top" width="12.3%" headers="mcps1.3.4.6.2.7.1.1 "><p id="obs_40_0001__p16311816490">Bucket ACLs</p>
 </td>
-<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><ul id="obs_40_0001__ul263118104917"><li id="obs_40_0001__li86311316495">Account</li><li id="obs_40_0001__li126311316497">Anonymous users</li><li id="obs_40_0001__li86313118497">Log delivery user groups</li></ul>
+<td class="cellrowborder" valign="top" width="15.72%" headers="mcps1.3.4.6.2.7.1.2 "><ul id="obs_40_0001__ul263118104917"><li id="obs_40_0001__li86311316495">Accounts</li><li id="obs_40_0001__li126311316497">Anonymous users</li><li id="obs_40_0001__li86313118497">Log delivery user groups</li></ul>
 </td>
 <td class="cellrowborder" valign="top" width="10.24%" headers="mcps1.3.4.6.2.7.1.3 "><p id="obs_40_0001__p126317112494">Allow</p>
 </td>
 <td class="cellrowborder" valign="top" width="14.549999999999999%" headers="mcps1.3.4.6.2.7.1.4 "><p id="obs_40_0001__p26311518495">Specified bucket</p>
 </td>
-<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><ul id="obs_40_0001__ul763112116495"><li id="obs_40_0001__li156315134914">Identifies whether a bucket exists.</li><li id="obs_40_0001__li196313144911">Lists objects in a bucket, and gets the bucket metadata.</li><li id="obs_40_0001__li163116118494">Lists versioned objects in a bucket.</li><li id="obs_40_0001__li963112114493">Lists multipart uploads.</li><li id="obs_40_0001__li5631510498">Performs PUT upload, POST upload, multipart upload, initialization of uploaded parts, and merging of parts.</li><li id="obs_40_0001__li063101104919">Deletes an Object.</li><li id="obs_40_0001__li16631201114915">Deletes an object of a specified version.</li><li id="obs_40_0001__li96318114917">Obtains bucket ACL information.</li><li id="obs_40_0001__li11631131154915">Configures a bucket ACL.</li><li id="obs_40_0001__li559010418598">Obtains object content.</li><li id="obs_40_0001__li1167213488592">Obtains object metadata.</li></ul>
+<td class="cellrowborder" valign="top" width="34.5%" headers="mcps1.3.4.6.2.7.1.5 "><ul id="obs_40_0001__ul763112116495"><li id="obs_40_0001__li156315134914">Identify whether a bucket exists.</li><li id="obs_40_0001__li196313144911">List objects in a bucket, and obtain the bucket metadata.</li><li id="obs_40_0001__li163116118494">List versioned objects in a bucket.</li><li id="obs_40_0001__li963112114493">List multipart uploads.</li><li id="obs_40_0001__li5631510498">Upload using PUT and POST, upload multiparts, and initialize and merge uploaded parts.</li><li id="obs_40_0001__li063101104919">Delete an object.</li><li id="obs_40_0001__li16631201114915">Delete an object of a specified version.</li><li id="obs_40_0001__li96318114917">Obtain bucket ACL information.</li><li id="obs_40_0001__li11631131154915">Configure a bucket ACL.</li><li id="obs_40_0001__li559010418598">Obtain object content.</li><li id="obs_40_0001__li1167213488592">Obtain object metadata.</li></ul>
 </td>
 <td class="cellrowborder" valign="top" width="12.690000000000001%" headers="mcps1.3.4.6.2.7.1.6 "><p id="obs_40_0001__p46311711490">Not supported</p>
 </td>
@@ -127,40 +127,40 @@
 </table>
 </div>
 </div>
-<div class="section" id="obs_40_0001__section1229213575018"><h4 class="sectiontitle">How to Select IAM Permissions, Bucket Policies, and ACLs</h4><p id="obs_40_0001__p3982038155413">Based on the advantages and disadvantages of the three elements, you are advised to preferentially use IAM permissions and bucket policies.</p>
-<ul id="obs_40_0001__ul9197115320581"><li id="obs_40_0001__li598223814541">Select IAM permissions in the following scenarios:<ul id="obs_40_0001__ul18122163213559"><li id="obs_40_0001__li11501131425518">Grant the same permissions to numerous IAM users under the same account.</li><li id="obs_40_0001__li86311036125518">Grant the same permissions to all OBS resources or multiple buckets.</li><li id="obs_40_0001__li1865494025511">Configure OBS service-level permissions, such as creating and listing buckets.</li><li id="obs_40_0001__li31356503553">Restrict the permissions of temporary access keys used for temporarily authorized access to OBS.</li></ul>
-</li><li id="obs_40_0001__li119755317581">Select bucket policies in the following scenarios:<ul id="obs_40_0001__ul4197175315817"><li id="obs_40_0001__li7881455614">Grant permissions across accounts or grant permissions to anonymous users.</li><li id="obs_40_0001__li171971153205820">Grant different permissions to different IAM users under the same account.</li></ul>
-</li><li id="obs_40_0001__li18409643175919">Still do not know what to select?<p id="obs_40_0001__p93731624145815"><a name="obs_40_0001__li18409643175919"></a><a name="li18409643175919"></a>Identify the problem you are most concerned with:</p>
-<ul id="obs_40_0001__ul13605115225912"><li id="obs_40_0001__li17373162425814">What the user can do - IAM permissions recommended<p id="obs_40_0001__p33731124165812"><a name="obs_40_0001__li17373162425814"></a><a name="li17373162425814"></a>You can search for an IAM user and check the permissions of the user group to which the user belongs to know what the user can do.</p>
-</li><li id="obs_40_0001__li1606252165917">Who can access an OBS bucket - Bucket policies recommended<p id="obs_40_0001__p1060614528599"><a name="obs_40_0001__li1606252165917"></a><a name="li1606252165917"></a>You can query the bucket and check the bucket policy to know who can access the bucket.</p>
+<div class="section" id="obs_40_0001__section1229213575018"><h4 class="sectiontitle">Which Permissions Should I Select?</h4><p id="obs_40_0001__p3982038155413">Considering the advantages and disadvantages of the elements, you are advised to use IAM permissions and bucket policies.</p>
+<ul id="obs_40_0001__ul9197115320581"><li id="obs_40_0001__li598223814541">Select IAM permissions to:<ul id="obs_40_0001__ul18122163213559"><li id="obs_40_0001__li11501131425518">Grant the same permissions to numerous IAM users under the same account.</li><li id="obs_40_0001__li86311036125518">Grant the same permissions to all OBS resources or multiple buckets.</li><li id="obs_40_0001__li1865494025511">Configure OBS service-level permissions, such as creating and listing buckets.</li><li id="obs_40_0001__li31356503553">Restrict the permissions of temporary access keys used for OBS access.</li></ul>
+</li><li id="obs_40_0001__li119755317581">Select bucket policies to:<ul id="obs_40_0001__ul4197175315817"><li id="obs_40_0001__li7881455614">Grant permissions across accounts or to anonymous users.</li><li id="obs_40_0001__li171971153205820">Grant different permissions to different IAM users under the same account.</li></ul>
+</li><li id="obs_40_0001__li18409643175919">Are you still unsure what to select?<p id="obs_40_0001__p93731624145815"><a name="obs_40_0001__li18409643175919"></a><a name="li18409643175919"></a>Identify what you are most concerned about:</p>
+<ul id="obs_40_0001__ul13605115225912"><li id="obs_40_0001__li17373162425814">If you want to control what a user can do, choose IAM permissions.<p id="obs_40_0001__p33731124165812"><a name="obs_40_0001__li17373162425814"></a><a name="li17373162425814"></a>You can search for an IAM user and check the permissions of the user group to which the user belongs to see what the user can do.</p>
+</li><li id="obs_40_0001__li1606252165917">If you want to control access to a bucket, choose bucket policies.<p id="obs_40_0001__p1060614528599"><a name="obs_40_0001__li1606252165917"></a><a name="li1606252165917"></a>You can query the bucket and check the bucket policy to know who can access the bucket.</p>
 </li></ul>
 </li></ul>
-<div class="note" id="obs_40_0001__note34441629202"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0001__p8444129108">It is better for you to use the same method for access control, because as the number of IAM permissions and bucket policies increase, access maintenance will become increasingly difficult.</p>
+<div class="note" id="obs_40_0001__note34441629202"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0001__p8444129108">To ensure easier permission maintenance, it is recommended to use the same method for permission control, especially as the number of IAM permissions and bucket policies grows.</p>
 </div></div>
 </div>
-<p id="obs_40_0001__p916319451304"><strong id="obs_40_0001__b85498420346">When to Select an ACL?</strong></p>
-<ul id="obs_40_0001__ul51633454011"><li id="obs_40_0001__li171637457020">As a supplement to IAM permissions and bucket policies:<p id="obs_40_0001__p616364517011"><a name="obs_40_0001__li171637457020"></a><a name="li171637457020"></a>IAM permissions and bucket policies have granted access permissions to an object set, but you want to grant access permissions to a single object.</p>
-</li><li id="obs_40_0001__li616310451017">To allow an object to be accessible to all anonymous Internet users, configuring object ACL operations is more convenient.<p id="obs_40_0001__p2163845807"><a name="obs_40_0001__li616310451017"></a><a name="li616310451017"></a>When uploading an object, you can use the ACL header to specify the read and write permissions of the object.</p>
+<p id="obs_40_0001__p916319451304"><strong id="obs_40_0001__b85498420346">Configure an ACL if you want to:</strong></p>
+<ul id="obs_40_0001__ul51633454011"><li id="obs_40_0001__li171637457020">Grant permissions to a single object:<p id="obs_40_0001__p616364517011"><a name="obs_40_0001__li171637457020"></a><a name="li171637457020"></a>If you already have IAM permissions and bucket policies configured for a set of objects, you can use an ACL to grant permissions to a single object in the set.</p>
+</li><li id="obs_40_0001__li616310451017">Allow an object to be accessible to all anonymous Internet users:<p id="obs_40_0001__p2163845807"><a name="obs_40_0001__li616310451017"></a><a name="li616310451017"></a>You can use an ACL header to specify read and write permissions on an object during upload.</p>
 </li></ul>
-<div class="section" id="obs_40_0001__section168541631121519"><h4 class="sectiontitle">Relationship Between Bucket ACLs and Bucket Policies</h4><p id="obs_40_0001__p457674219154">Bucket ACLs are used to control basic read and write access to buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket ACLs supplement bucket policies. In many cases, bucket policies can replace bucket ACLs to manage access to buckets. <a href="obs_40_0043.html">Relationship Between Bucket Policies and Bucket ACLs</a> shows the mapping between bucket ACL access permissions and bucket policy actions.</p>
+<div class="section" id="obs_40_0001__section168541631121519"><h4 class="sectiontitle">Relationships Between Bucket ACLs and Bucket Policies</h4><p id="obs_40_0001__p457674219154">Bucket ACLs control read and write permissions on buckets. Custom bucket policies allow a more refined control over more actions on buckets. In many cases, bucket policies can replace bucket ACLs to manage access to buckets more precisely. <a href="obs_40_0043.html">Relationship Between Bucket ACLs and Bucket Policies</a> shows the mapping between bucket ACLs and bucket policies.</p>
 </div>
-<div class="section" id="obs_40_0001__section1381514334364"><h4 class="sectiontitle">OBS Permission Control Principles</h4><ul id="obs_40_0001__ul631195033614"><li id="obs_40_0001__li18311135019369">Least privilege<p id="obs_40_0001__p142592375119"><a name="obs_40_0001__li18311135019369"></a><a name="li18311135019369"></a>Never grant IAM users more than the minimum level of access needed to complete a task. For example, if an IAM user only needs to upload and download objects to a directory, you do not need to assign the user the read and write permissions for the entire bucket.</p>
-</li><li id="obs_40_0001__li167001731153110">Separation of duties<p id="obs_40_0001__p17997134183813"><a name="obs_40_0001__li167001731153110"></a><a name="li167001731153110"></a>Management of resources or of permissions can be assigned to different IAM users. For example, you can let one IAM user assign permissions, and let other IAM users manage OBS resources.</p>
-</li><li id="obs_40_0001__li633219564361">Restriction by condition<p id="obs_40_0001__p10455442191615"><a name="obs_40_0001__li633219564361"></a><a name="li633219564361"></a>To enhance the security of the resources in a bucket, specific conditions can be configured to control when a permission is applied. For example, a bucket policy with conditions contained can be configured for OBS to accept requests only from a specific IP address.</p>
+<div class="section" id="obs_40_0001__section1381514334364"><h4 class="sectiontitle">OBS Permission Control Principles</h4><ul id="obs_40_0001__ul631195033614"><li id="obs_40_0001__li18311135019369">Least privilege<p id="obs_40_0001__p142592375119"><a name="obs_40_0001__li18311135019369"></a><a name="li18311135019369"></a>Grant IAM users only the minimum permissions needed to complete a task. For example, if an IAM user only needs to upload and download objects to a directory, grant this user only the permissions to do so.</p>
+</li><li id="obs_40_0001__li167001731153110">Separation of duties<p id="obs_40_0001__p17997134183813"><a name="obs_40_0001__li167001731153110"></a><a name="li167001731153110"></a>Assign different IAM users to manage resources and permissions. For example, you can let one IAM user assign permissions, and let another IAM user manage OBS resources.</p>
+</li><li id="obs_40_0001__li633219564361">Restriction by condition<p id="obs_40_0001__p10455442191615"><a name="obs_40_0001__li633219564361"></a><a name="li633219564361"></a>To enhance the security of the resources in a bucket, you can configure specific conditions to control when a permission is applied. For example, you can configure a bucket policy for OBS to accept requests only from a specific IP address.</p>
 </li></ul>
 </div>
-<div class="section" id="obs_40_0001__section54731919133310"><h4 class="sectiontitle">How Do Access Control Mechanisms Work When They Conflict?</h4><p id="obs_40_0001__p99321121194018">In the OBS permission control elements, there are allow and deny effects, which indicate the permission to allow or deny an operation.</p>
-<p id="obs_40_0001__p2366102212325">Based on the least-privilege principle, decisions default to deny, and an explicit deny statement always takes precedence over an allow statement. For example, IAM permissions grant a user access to an object, a bucket policy denies the user's access to that object, and there is no ACL. Then access will be denied.</p>
+<div class="section" id="obs_40_0001__section54731919133310"><h4 class="sectiontitle">Which Permissions Apply When They Conflict?</h4><p id="obs_40_0001__p99321121194018">In the OBS permission control elements, there are allow and deny effects, which indicate the permission to allow or deny an action.</p>
+<p id="obs_40_0001__p2366102212325">Following the least-privilege principle, the permission is defaulted to deny, and an explicit deny statement always takes precedence over an allow statement. For example, if IAM permissions grant a user access to an object, a bucket policy denies the user's access to that object, and there is no ACL, this user's access will be denied.</p>
 <p id="obs_40_0001__p1416134111327">If no method specifies an allow statement, then the request will be denied by default. Only if no method specifies a deny statement and one or more methods specify an allow statement, will the request be allowed. For example, if a bucket has multiple bucket policies with allow statements, adding such a new bucket policy applies the allowed permissions to the bucket, but adding a new bucket policy with a deny statement will make the permissions work differently. The deny statement will take precedence over allow statements, even if the denied permissions are allowed in other bucket policies.</p>
-<div class="fignone" id="obs_40_0001__fig137808145374"><span class="figcap"><b>Figure 3 </b>Authorization process</span><br><span><img id="obs_40_0001__image574953662115" src="en-us_image_0000001335934590.png"></span></div>
-<p id="obs_40_0001__p84781694399"><a href="#obs_40_0001__fig2276143024512">Figure 4</a> describes how bucket policies, IAM permissions, and ACLs work (allow or deny) when you grant the IAM users of your account the access to OBS buckets and resources in the buckets. ACLs are applied to accounts and do not control IAM users' read and write permissions for the buckets and the sources in the buckets under their account.</p>
-<div class="fignone" id="obs_40_0001__fig2276143024512"><a name="obs_40_0001__fig2276143024512"></a><a name="fig2276143024512"></a><span class="figcap"><b>Figure 4 </b>Working mechanisms (allow or deny) of bucket policies and IAM permissions in the same account</span><br><span><img id="obs_40_0001__image120275411301" src="en-us_image_0000001479778546.png"></span></div>
-<p id="obs_40_0001__p3975193111381"><a href="#obs_40_0001__fig1251114133010">Figure 5</a> describes how bucket policies, IAM permissions, and ACLs work (allow or deny) when you grant any other account and the IAM users of this account the access to OBS buckets and resources in the buckets.</p>
-<div class="fignone" id="obs_40_0001__fig1251114133010"><a name="obs_40_0001__fig1251114133010"></a><a name="fig1251114133010"></a><span class="figcap"><b>Figure 5 </b>Working mechanisms (allow or deny) of bucket policies, IAM permissions, and ACLs in cross-account access grant scenarios</span><br><span><img id="obs_40_0001__image589322184218" src="en-us_image_0000001555603997.png"></span></div>
+<div class="fignone" id="obs_40_0001__fig137808145374"><span class="figcap"><b>Figure 3 </b>Authorization process</span><br><span><img id="obs_40_0001__image85113268311" src="en-us_image_0000001664558420.png"></span></div>
+<p id="obs_40_0001__p84781694399"><a href="#obs_40_0001__fig2276143024512">Figure 4</a> describes which action (allow or deny) to take when bucket policies, IAM permissions, and ACLs for the IAM users of your account conflict. ACLs are applied to accounts and do not control IAM users' read and write permissions for the buckets and their objects.</p>
+<div class="fignone" id="obs_40_0001__fig2276143024512"><a name="obs_40_0001__fig2276143024512"></a><a name="fig2276143024512"></a><span class="figcap"><b>Figure 4 </b>Action (allow or deny) to take when bucket policies and IAM permissions for IAM users conflict under an account</span><br><span><img id="obs_40_0001__image120275411301" src="en-us_image_0000001479778546.png"></span></div>
+<p id="obs_40_0001__p3975193111381"><a href="#obs_40_0001__fig1251114133010">Figure 5</a> describes which action (allow or deny) to take when bucket policies, IAM permissions, and ACLs for any other account and the IAM users of this account conflict.</p>
+<div class="fignone" id="obs_40_0001__fig1251114133010"><a name="obs_40_0001__fig1251114133010"></a><a name="fig1251114133010"></a><span class="figcap"><b>Figure 5 </b>Action (allow or deny) to take when bucket policies, IAM permissions, and ACLs conflict in cross-account scenarios</span><br><span><img id="obs_40_0001__image589322184218" src="en-us_image_0000001555603997.png"></span></div>
 <div class="note" id="obs_40_0001__note44281281940"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="obs_40_0001__ul111531531494"><li id="obs_40_0001__li2153143114920">If both the bucket policy and IAM policy are set to <strong id="obs_40_0001__b1641114210248">Default Deny</strong>, but the ACL is set to <strong id="obs_40_0001__b1046916449246">Allow</strong>, the final result is <strong id="obs_40_0001__b204711393228">Deny</strong>. ACLs are used to supplement bucket policies.</li><li id="obs_40_0001__li21536312094">If both the bucket policy and ACL are set to <strong id="obs_40_0001__b16401541142511">Default Deny</strong> and the IAM policy is set to <strong id="obs_40_0001__b7310745162519">Allow</strong>, the final result is <strong id="obs_40_0001__b7983142113266">Deny</strong>. IAM policies are applied to users, while bucket policies are applied to resources. Even if the <strong id="obs_40_0001__b2517132653013">Allow</strong> permission is granted to users, they still cannot access the resources if the resources have the <strong id="obs_40_0001__b45694313314">Deny</strong> permission configured.</li></ul>
 </div></div>
 </div>
-<div class="section" id="obs_40_0001__section95252107366"><h4 class="sectiontitle">Concepts</h4><ul id="obs_40_0001__ul4618955134312"><li id="obs_40_0001__li136181955174317">Domain: An account that is automatically created during your registration. This account has full access control over its resources and IAM users.</li><li id="obs_40_0001__li128711957164310">IAM user: A user created by the administrator in IAM. An IAM user may be an employee, a system, or an application. An IAM user has access permissions to specified resources. IAM users have identity credentials (passwords and access keys) and can log in to the management console or call APIs.</li><li id="obs_40_0001__li14540813115712">Anonymous user: A common visitor who has not registered.</li><li id="obs_40_0001__li6711548413">A log delivery user group: A user group who only delivers access logs of buckets and objects to the specified target bucket. OBS does not create or upload any file to a bucket automatically. If you want to record access logs for a bucket, you must grant the log delivery user group required permissions, so that OBS can write the access logs to the specified bucket. This user group is only used to record internal logs of OBS.</li></ul>
+<div class="section" id="obs_40_0001__section95252107366"><h4 class="sectiontitle">Concepts</h4><ul id="obs_40_0001__ul4618955134312"><li id="obs_40_0001__li136181955174317">Domain: An account that is automatically created during your registration. This account has full access control over its resources and IAM users.</li><li id="obs_40_0001__li128711957164310">IAM user: A user created by the administrator in IAM. An IAM user may be an employee, a system, or an application. An IAM user is usually granted the permissions to access specified resources. IAM users have identity credentials (passwords and access keys) and can log in to the management console or call APIs.</li><li id="obs_40_0001__li14540813115712">Anonymous user: A visitor who has not registered.</li><li id="obs_40_0001__li6711548413">A log delivery user group: A user group that delivers access logs of buckets and objects to a specified bucket. OBS does not create or upload any file to a bucket automatically. If you want to record access logs for a bucket, you must grant the log delivery user group required permissions, so that OBS can write the access logs to the specified bucket. This user group is only used to record internal logs of OBS.</li></ul>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0002.html b/docs/obs/perms-cfg/obs_40_0002.html
index 5a67199a..13b7d488 100644
--- a/docs/obs/perms-cfg/obs_40_0002.html
+++ b/docs/obs/perms-cfg/obs_40_0002.html
@@ -1,6 +1,6 @@
 <a name="obs_40_0002"></a><a name="obs_40_0002"></a>
 
-<h1 class="topictitle1">Permission Control Mechanisms</h1>
+<h1 class="topictitle1">Permission Control Methods</h1>
 <div id="body1588766432188"></div>
 <div>
 <ul class="ullinks">
diff --git a/docs/obs/perms-cfg/obs_40_0003.html b/docs/obs/perms-cfg/obs_40_0003.html
index aded9c60..efca434a 100644
--- a/docs/obs/perms-cfg/obs_40_0003.html
+++ b/docs/obs/perms-cfg/obs_40_0003.html
@@ -2,11 +2,11 @@
 
 <h1 class="topictitle1">IAM Permissions</h1>
 <div id="body1588766432188"><div class="section" id="obs_40_0003__section8489111318501"><h4 class="sectiontitle">IAM Permissions Overview</h4><p id="obs_40_0003__p6942143264820">By default, newly created IAM users do not have any permissions. You need to add the user to one or more groups, and attach permission policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.</p>
-<p id="obs_40_0003__p1456812431508">IAM permissions take effect on all OBS buckets and objects. To grant an IAM user the permission to operate OBS resources, you need to assign one or more OBS permission sets to the user group to which the user belongs.</p>
-<p id="obs_40_0003__p9631520165012">OBS is a global service because it is available for all physical regions. IAM permissions are assigned to users in the global project, and users do not need to switch regions when accessing OBS.</p>
+<p id="obs_40_0003__p1456812431508">IAM permissions apply to all OBS buckets and objects. To grant an IAM user the permission to operate OBS resources, you need to assign one or more OBS permission sets to the user group that the user belongs to.</p>
+<p id="obs_40_0003__p9631520165012">OBS is a global service because it is available in all physical regions. If users in the global project are assigned IAM permissions, they do not need to switch regions to access OBS.</p>
 <p id="obs_40_0003__p28301569268">You can grant permissions to users by roles and policies.</p>
-<ul id="obs_40_0003__ul6830126162610"><li id="obs_40_0003__li1682355416298">Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you need to also assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.</li><li id="obs_40_0003__li14830365263">Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant OBS users only the permissions for managing a certain type of OBS resources. </li></ul>
-<div class="note" id="obs_40_0003__note1018554855215"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0003__p13185164825218">Due to data caching, a role and policy involving OBS actions will take effect 10 to 15 minutes after it is attached to a user, an enterprise project, and user group.</p>
+<ul id="obs_40_0003__ul6830126162610"><li id="obs_40_0003__li1682355416298">Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism only provides a limited number of service-level roles for authorization. When using roles to grant permissions, you also need to assign other dependency roles. However, roles are not the best choice for fine-grained authorization and secure access control.</li><li id="obs_40_0003__li14830365263">Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant OBS users only the permissions to manage a certain type of OBS resources. </li></ul>
+<div class="note" id="obs_40_0003__note1018554855215"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0003__p13185164825218">Due to data caching, a role and policy involving OBS actions will take effect 10 to 15 minutes after it is attached to a user, an enterprise project, or a user group.</p>
 </div></div>
 <p id="obs_40_0003__p4554141720431">IAM presets system permissions for each cloud service so that you can quickly configure basic permissions. <a href="#obs_40_0003__table143320246431">Table 1</a> describes all system permissions of OBS.</p>
 <p id="obs_40_0003__p19243941181716">Custom policies can be created to supplement the system-defined policies of OBS.</p>
@@ -23,7 +23,7 @@
 </thead>
 <tbody><tr id="obs_40_0003__row92218311275"><td class="cellrowborder" valign="top" width="21.18788121187881%" headers="mcps1.3.1.10.2.5.1.1 "><p id="obs_40_0003__p82223315277">Tenant Administrator</p>
 </td>
-<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p4466456182919"><span style="color:#3D3F43;">Users with this permission can perform all operations on all services except IAM.</span></p>
+<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p4466456182919">Users with this permission can perform all operations on all services except IAM.</p>
 </td>
 <td class="cellrowborder" valign="top" width="15.778422157784222%" headers="mcps1.3.1.10.2.5.1.3 "><p id="obs_40_0003__p13307349152715">System-defined role</p>
 </td>
@@ -32,7 +32,7 @@
 </tr>
 <tr id="obs_40_0003__row6159933152717"><td class="cellrowborder" valign="top" width="21.18788121187881%" headers="mcps1.3.1.10.2.5.1.1 "><p id="obs_40_0003__p26447396278">Tenant Guest</p>
 </td>
-<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p201591334273"><span style="color:#3D3F43;">Users with this permission can perform read-only operations on all services except IAM.</span></p>
+<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p201591334273">Users with this permission can perform read-only operations on all services except IAM.</p>
 </td>
 <td class="cellrowborder" valign="top" width="15.778422157784222%" headers="mcps1.3.1.10.2.5.1.3 "><p id="obs_40_0003__p1684219494278">System-defined role</p>
 </td>
@@ -50,7 +50,7 @@
 </tr>
 <tr id="obs_40_0003__row333212434317"><td class="cellrowborder" valign="top" width="21.18788121187881%" headers="mcps1.3.1.10.2.5.1.1 "><p id="obs_40_0003__p143321924104311">OBS Buckets Viewer</p>
 </td>
-<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p1733310247431">Users with this permission can list buckets, obtain basic bucket information, and obtain bucket metadata.</p>
+<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p1733310247431">Users with this permission can list buckets, obtain basic information about buckets, and obtain bucket metadata.</p>
 </td>
 <td class="cellrowborder" valign="top" width="15.778422157784222%" headers="mcps1.3.1.10.2.5.1.3 "><p id="obs_40_0003__p20333192411434">System-defined role</p>
 </td>
@@ -59,7 +59,7 @@
 </tr>
 <tr id="obs_40_0003__row7333132416439"><td class="cellrowborder" valign="top" width="21.18788121187881%" headers="mcps1.3.1.10.2.5.1.1 "><p id="obs_40_0003__p23331324114313">OBS ReadOnlyAccess</p>
 </td>
-<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p193331246430">Users with this permission can list buckets, obtain basic bucket information, obtain bucket metadata, and list objects (not the objects that have been versioned).</p>
+<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p193331246430">Users with this permission can list buckets, obtain basic information about buckets, obtain bucket metadata, and list objects (not the objects that have been versioned).</p>
 <div class="note" id="obs_40_0003__note864512387375"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0003__p136452384379">If a user with this permission fails to list objects on OBS Console, there may be multiple versions of objects in the bucket. In this case, you need to grant the user the <strong id="obs_40_0003__b48819478457">obs:bucket:ListBucketVersions</strong> permission so that the user can view different versions of objects on OBS Console.</p>
 </div></div>
 </td>
@@ -70,7 +70,7 @@
 </tr>
 <tr id="obs_40_0003__row3333202464311"><td class="cellrowborder" valign="top" width="21.18788121187881%" headers="mcps1.3.1.10.2.5.1.1 "><p id="obs_40_0003__p1333112420434">OBS OperateAccess</p>
 </td>
-<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p145991616552">Users with this permission can perform all OBS ReadOnlyAccess operations and perform basic object operations, such as uploading objects, downloading objects, deleting objects, and obtaining object ACLs.</p>
+<td class="cellrowborder" valign="top" width="50.38496150384961%" headers="mcps1.3.1.10.2.5.1.2 "><p id="obs_40_0003__p145991616552">Users with this permission can perform all OBS ReadOnlyAccess operations and perform basic operations on objects, such as uploading, downloading, and deleting objects, and obtaining object ACLs.</p>
 <div class="note" id="obs_40_0003__note84579519419"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0003__p9457205144115">If a user with this permission fails to list objects on OBS Console, there may be multiple versions of objects in the bucket. In this case, you need to grant the user the <strong id="obs_40_0003__b1569722243510">obs:bucket:ListBucketVersions</strong> permission so that the user can view different versions of objects on OBS Console.</p>
 </div></div>
 </td>
@@ -82,9 +82,9 @@
 </tbody>
 </table>
 </div>
-<p id="obs_40_0003__p9504334163519">The following table lists the common operations supported by each system-defined policy or role of OBS. Select the policies or roles as required.</p>
+<p id="obs_40_0003__p9504334163519">The following table lists the common operations supported by system-defined permissions for OBS. You can refer to this table to select the permissions as required.</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0003__table487418345322" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Permissions and the allowed operations on OBS resources</caption><thead align="left"><tr id="obs_40_0003__row18752034153214"><th align="left" class="cellrowborder" valign="top" width="15.45154515451545%" id="mcps1.3.1.12.2.8.1.1"><p id="obs_40_0003__p19875183413211">Operation</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0003__table487418345322" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Permissions and allowed operations on OBS resources</caption><thead align="left"><tr id="obs_40_0003__row18752034153214"><th align="left" class="cellrowborder" valign="top" width="15.45154515451545%" id="mcps1.3.1.12.2.8.1.1"><p id="obs_40_0003__p19875183413211">Operation</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="12.96129612961296%" id="mcps1.3.1.12.2.8.1.2"><p id="obs_40_0003__p1787543415321">Tenant Administrator</p>
 </th>
@@ -145,7 +145,7 @@
 <td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p973565816451">No</p>
 </td>
 </tr>
-<tr id="obs_40_0003__row987573417327"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p148751134173213">Obtaining basic bucket information</p>
+<tr id="obs_40_0003__row987573417327"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p148751134173213">Obtaining basic information about buckets</p>
 </td>
 <td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p138751334113219">Yes</p>
 </td>
@@ -400,7 +400,7 @@
 <td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p073695844510">Yes</p>
 </td>
 </tr>
-<tr id="obs_40_0003__row11880123463217"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p1288043414323">Controlling object access</p>
+<tr id="obs_40_0003__row11880123463217"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p1288043414323">Controlling access to objects</p>
 </td>
 <td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p288003415323">Yes</p>
 </td>
@@ -580,6 +580,21 @@
 <td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p2736458164517">No</p>
 </td>
 </tr>
+<tr id="obs_40_0003__row178830342321"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p188831134143213">Managing cross-region replication</p>
+</td>
+<td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p158831634103220">Yes</p>
+</td>
+<td class="cellrowborder" valign="top" width="14.371437143714372%" headers="mcps1.3.1.12.2.8.1.3 "><p id="obs_40_0003__p1588393403211">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.57135713571357%" headers="mcps1.3.1.12.2.8.1.4 "><p id="obs_40_0003__p18619142814379">Yes</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.521352135213519%" headers="mcps1.3.1.12.2.8.1.5 "><p id="obs_40_0003__p1688312348327">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="16.16161616161616%" headers="mcps1.3.1.12.2.8.1.6 "><p id="obs_40_0003__p02710556454">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p177362582458">No</p>
+</td>
+</tr>
 <tr id="obs_40_0003__row14833159185118"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p168336590517">Configuring an object ACL</p>
 </td>
 <td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p1783405916516">Yes</p>
@@ -595,7 +610,7 @@
 <td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p93491644538">No</p>
 </td>
 </tr>
-<tr id="obs_40_0003__row61481058105113"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p121484582512">Configuring the ACL for an object of a specified version</p>
+<tr id="obs_40_0003__row61481058105113"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p121484582512">Configuring ACL for an object of a specified version</p>
 </td>
 <td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p314895845112">Yes</p>
 </td>
@@ -625,7 +640,7 @@
 <td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p1324020935316">Yes</p>
 </td>
 </tr>
-<tr id="obs_40_0003__row15514134118523"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p341154595212">Obtaining the ACL of a specified object version</p>
+<tr id="obs_40_0003__row15514134118523"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p341154595212">Obtaining the ACL of a specific object version</p>
 </td>
 <td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p951417411526">Yes</p>
 </td>
@@ -685,14 +700,44 @@
 <td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p9395148115110">Yes</p>
 </td>
 </tr>
+<tr id="obs_40_0003__row1964311293372"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p1064392913719">Configuring requester-pays</p>
+</td>
+<td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p13643829123713">Yes</p>
+</td>
+<td class="cellrowborder" valign="top" width="14.371437143714372%" headers="mcps1.3.1.12.2.8.1.3 "><p id="obs_40_0003__p9643172913371">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.57135713571357%" headers="mcps1.3.1.12.2.8.1.4 "><p id="obs_40_0003__p26191128193714">Yes</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.521352135213519%" headers="mcps1.3.1.12.2.8.1.5 "><p id="obs_40_0003__p1464382914376">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="16.16161616161616%" headers="mcps1.3.1.12.2.8.1.6 "><p id="obs_40_0003__p564372911372">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p96431529143719">No</p>
+</td>
+</tr>
+<tr id="obs_40_0003__row13404324373"><td class="cellrowborder" valign="top" width="15.45154515451545%" headers="mcps1.3.1.12.2.8.1.1 "><p id="obs_40_0003__p1940173263716">Obtaining requester-pays configuration information</p>
+</td>
+<td class="cellrowborder" valign="top" width="12.96129612961296%" headers="mcps1.3.1.12.2.8.1.2 "><p id="obs_40_0003__p4401332143717">Yes</p>
+</td>
+<td class="cellrowborder" valign="top" width="14.371437143714372%" headers="mcps1.3.1.12.2.8.1.3 "><p id="obs_40_0003__p9405328377">Yes</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.57135713571357%" headers="mcps1.3.1.12.2.8.1.4 "><p id="obs_40_0003__p1461919284371">Yes</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.521352135213519%" headers="mcps1.3.1.12.2.8.1.5 "><p id="obs_40_0003__p17401732153714">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="16.16161616161616%" headers="mcps1.3.1.12.2.8.1.6 "><p id="obs_40_0003__p134093215372">No</p>
+</td>
+<td class="cellrowborder" valign="top" width="13.96139613961396%" headers="mcps1.3.1.12.2.8.1.7 "><p id="obs_40_0003__p54053210377">No</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>
 </div>
-<div class="section" id="obs_40_0003__section01904185241"><h4 class="sectiontitle">Application Scenarios of IAM Permissions</h4><p id="obs_40_0003__p101714434165">IAM permissions are used to authorize IAM users under an account.</p>
-<ul id="obs_40_0003__ul319124042416"><li id="obs_40_0003__li244101111715">Controlling access to cloud resources as a whole under an account</li><li id="obs_40_0003__li81911640122419">Controlling access to all OBS buckets and objects under an account</li><li id="obs_40_0003__li15991209568">Controlling access to specified OBS resources under an account</li></ul>
+<div class="section" id="obs_40_0003__section01904185241"><h4 class="sectiontitle">Application Scenarios of IAM Permissions</h4><p id="obs_40_0003__p101714434165">IAM permissions control IAM users under an account to access:</p>
+<ul id="obs_40_0003__ul319124042416"><li id="obs_40_0003__li244101111715">All cloud resources.</li><li id="obs_40_0003__li81911640122419">All OBS buckets and objects.</li><li id="obs_40_0003__li15991209568">Specified OBS resources.</li></ul>
 </div>
-<div class="section" id="obs_40_0003__section9268135516548"><h4 class="sectiontitle">Policy Structure and Syntax</h4><p id="obs_40_0003__p232429165515">A policy consists of a version and statements. Each policy can have multiple statements.</p>
+<div class="section" id="obs_40_0003__section9268135516548"><h4 class="sectiontitle">Policy Structure and Syntax</h4><p id="obs_40_0003__p232429165515">A policy consists of a version and one or more statements.</p>
 <div class="fignone" id="obs_40_0003__fig96590586581"><span class="figcap"><b>Figure 1 </b>Policy structure</span><br><span><img id="obs_40_0003__image116601758135815" src="en-us_image_0257849924.png"></span></div>
 <p id="obs_40_0003__p88641011565">Policy syntax example:</p>
 <pre class="screen" id="obs_40_0003__screen4200121482012">{
@@ -728,23 +773,23 @@
 </thead>
 <tbody><tr id="obs_40_0003__row17873027842"><td class="cellrowborder" valign="top" width="22.09%" headers="mcps1.3.3.6.2.3.1.1 "><p id="obs_40_0003__p48732027743">Version</p>
 </td>
-<td class="cellrowborder" valign="top" width="77.91%" headers="mcps1.3.3.6.2.3.1.2 "><div class="p" id="obs_40_0003__p829912213615">The version number of a policy.<ul id="obs_40_0003__ul1484412128619"><li id="obs_40_0003__li577602617611"><strong id="obs_40_0003__b133624981884949">1.0</strong>: RBAC policies. An RBAC policy consists of permissions for an entire service. Users in a group with such a policy assigned are granted all of the permissions required for that service.</li><li id="obs_40_0003__li1840484141"><strong id="obs_40_0003__b145719358384949">1.1</strong>: Fine-grained policies. A fine-grained policy consists of API-based permissions for operations on specific resource types. Fine-grained policies, as the name suggests, allow for more fine-grained control on specific operations and resources than RBAC policies. For example: You can restrict an IAM user to access only the objects in a specific directory of an OBS bucket.</li></ul>
+<td class="cellrowborder" valign="top" width="77.91%" headers="mcps1.3.3.6.2.3.1.2 "><div class="p" id="obs_40_0003__p829912213615">The version number of a policy.<ul id="obs_40_0003__ul1484412128619"><li id="obs_40_0003__li577602617611"><strong id="obs_40_0003__b133624981884949">1.0</strong>: RBAC policy. An RBAC policy consists of permissions for an entire service. Users in a group with such a policy assigned are granted all of the permissions required for that service.</li><li id="obs_40_0003__li1840484141"><strong id="obs_40_0003__b145719358384949">1.1</strong>: Fine-grained policy. A fine-grained policy consists of API-based permissions for operations on specific resource types. Fine-grained policies, as the name suggests, allow for more fine-grained control on specific operations and resources than RBAC policies. For example, you can restrict an IAM user to access only the objects in a specific directory of an OBS bucket.</li></ul>
 </div>
 </td>
 </tr>
 <tr id="obs_40_0003__row187317273414"><td class="cellrowborder" valign="top" width="22.09%" headers="mcps1.3.3.6.2.3.1.1 "><p id="obs_40_0003__p108731927249">Statement</p>
 </td>
-<td class="cellrowborder" valign="top" width="77.91%" headers="mcps1.3.3.6.2.3.1.2 "><div class="p" id="obs_40_0003__p17113185672413">Detailed descriptions of a policy, including <strong id="obs_40_0003__b134931682460">Effect</strong>, <strong id="obs_40_0003__b115371712124616">Action</strong>, <strong id="obs_40_0003__b1141191914460">Resource</strong>, and <strong id="obs_40_0003__b26891622184613">Condition</strong>. <strong id="obs_40_0003__b1330205445413">Resource</strong> and <strong id="obs_40_0003__b208415414184949">Condition</strong> are optional.<ul id="obs_40_0003__ul1802181615716"><li id="obs_40_0003__li480221610716"><strong id="obs_40_0003__b244516503192">Effect</strong><p id="obs_40_0003__p1880291618711">The valid values for <strong id="obs_40_0003__b139199271284949">Effect</strong> are <strong id="obs_40_0003__b111932433884949">Allow</strong> and <strong id="obs_40_0003__b133550218884949">Deny</strong>. System policies contain only <strong id="obs_40_0003__b116709871584949">Allow</strong> statements. For custom policies containing both <strong id="obs_40_0003__b69691813284949">Allow</strong> and <strong id="obs_40_0003__b92522532484949">Deny</strong> statements, the <strong id="obs_40_0003__b199531072884949">Deny</strong> statements take precedence.</p>
-</li><li id="obs_40_0003__li980219163715"><strong id="obs_40_0003__b15985205113194">Action</strong><p id="obs_40_0003__p14803201610710">Actions allowed on resources. An action is in the format of <em id="obs_40_0003__i120632589084949">Service name</em>:<em id="obs_40_0003__i120545427484949">Resource type</em>:<em id="obs_40_0003__i92529442184949">Action</em>. A policy can contain one or more actions. You can use a wildcard (*) to indicate all of the services, resource types, or actions depending on their location in the action. There are two types of OBS resources: buckets and objects.</p>
-</li><li id="obs_40_0003__li0244165152812"><strong id="obs_40_0003__b18514665284949">Resource</strong><p id="obs_40_0003__p1323103805814">Resources on which the policy takes effect. A resource is in the format of <em id="obs_40_0003__i31557539484949">Service name</em>:<em id="obs_40_0003__i86549574084949">Region</em>:<em id="obs_40_0003__i131716051184949">Domain ID</em>:<em id="obs_40_0003__i161483073384949">Resource type</em>:<em id="obs_40_0003__i13452511584949">Resource path</em>. You can use a wildcard (*) to indicate all of the services, regions, domain IDs, resource types, or resource paths depending on their location in the resource. In the JSON view, if <strong id="obs_40_0003__b33829267284949">Resource</strong> is not specified, the policy takes effect for all resources.</p>
-<p id="obs_40_0003__p171041029163018">The value of <strong id="obs_40_0003__b69749580084949">Resource</strong> supports uppercase (A to Z), lowercase (a to z) letters, digits (0 to 9), and the following characters: <strong id="obs_40_0003__b772156113211">-_*./\</strong>. If the value contains invalid characters, use the wildcard character (*).</p>
-<p id="obs_40_0003__p8573162614402">OBS is a global service. Therefore, set <strong id="obs_40_0003__b147214396817">Region</strong> to <strong id="obs_40_0003__b69433475811">*</strong>. <strong id="obs_40_0003__b156221650585">Domain ID</strong> indicates the ID of the resource owner. Set it to <strong id="obs_40_0003__b106796591589">*</strong> to indicate the ID of the account to which the resources belong.</p>
+<td class="cellrowborder" valign="top" width="77.91%" headers="mcps1.3.3.6.2.3.1.2 "><div class="p" id="obs_40_0003__p17113185672413">Descriptions of a policy, including <strong id="obs_40_0003__b134931682460">Effect</strong>, <strong id="obs_40_0003__b115371712124616">Action</strong>, <strong id="obs_40_0003__b1141191914460">Resource</strong> (optional), and <strong id="obs_40_0003__b26891622184613">Condition</strong> (optional).<ul id="obs_40_0003__ul1802181615716"><li id="obs_40_0003__li480221610716"><strong id="obs_40_0003__b244516503192">Effect</strong><p id="obs_40_0003__p1880291618711">The value of <strong id="obs_40_0003__b139199271284949">Effect</strong> can be <strong id="obs_40_0003__b111932433884949">Allow</strong> or <strong id="obs_40_0003__b133550218884949">Deny</strong>. System policies contain only <strong id="obs_40_0003__b116709871584949">Allow</strong> statements. For custom policies containing both <strong id="obs_40_0003__b69691813284949">Allow</strong> and <strong id="obs_40_0003__b92522532484949">Deny</strong> statements, <strong id="obs_40_0003__b199531072884949">Deny</strong> statements take precedence over <strong id="obs_40_0003__b1290518132535">Allow</strong> statements.</p>
+</li><li id="obs_40_0003__li980219163715"><strong id="obs_40_0003__b15985205113194">Action</strong><p id="obs_40_0003__p14803201610710">Actions allowed on resources. An action is in the format of <em id="obs_40_0003__i120632589084949">Service name</em>:<em id="obs_40_0003__i120545427484949">Resource type</em>:<em id="obs_40_0003__i92529442184949">Action</em>. A policy can contain one or more actions. You can use a wildcard (*) to indicate all services, resource types, or actions. There are two types of OBS resources: buckets and objects.</p>
+</li><li id="obs_40_0003__li0244165152812"><strong id="obs_40_0003__b18514665284949">Resource</strong><p id="obs_40_0003__p1323103805814">Resources on which the policy takes effect. A resource is in the format of <em id="obs_40_0003__i31557539484949">Service name</em>:<em id="obs_40_0003__i86549574084949">Region</em>:<em id="obs_40_0003__i131716051184949">Domain ID</em>:<em id="obs_40_0003__i161483073384949">Resource type</em>:<em id="obs_40_0003__i13452511584949">Resource path</em>. You can use a wildcard (*) to indicate all services, regions, domain IDs, resource types, or resource paths. In the JSON view, if <strong id="obs_40_0003__b33829267284949">Resource</strong> is not specified, the policy applies to all resources.</p>
+<p id="obs_40_0003__p171041029163018">The value of <strong id="obs_40_0003__b69749580084949">Resource</strong> can only contain uppercase (A to Z), lowercase (a to z) letters, digits (0 to 9), and the following characters: <strong id="obs_40_0003__b772156113211">-_*./\</strong>. If you want to specify unsupported characters, use the wildcard character (*).</p>
+<p id="obs_40_0003__p8573162614402">OBS is a global service. Therefore, set <em id="obs_40_0003__i6381411152112">Region</em> to <strong id="obs_40_0003__b69433475811">*</strong>. <em id="obs_40_0003__i011318205217">Domain ID</em> indicates the ID of the resource owner. Set it to <strong id="obs_40_0003__b106796591589">*</strong> to indicate the ID of the account that the resources belong to.</p>
 <p id="obs_40_0003__p117043393813">Examples:</p>
-<ul id="obs_40_0003__ul1640191817385"><li id="obs_40_0003__li22311821183817"><strong id="obs_40_0003__b66660796384949">obs:*:*:bucket:*</strong>: all OBS buckets</li><li id="obs_40_0003__li18771111553812"><strong id="obs_40_0003__b209160870784949">obs:*:*:object:my-bucket/my-object/*</strong>: all objects in the <strong id="obs_40_0003__b52520622584949">my-object</strong> directory of the <strong id="obs_40_0003__b98542963184949">my-bucket</strong> bucket</li></ul>
-</li><li id="obs_40_0003__li1543682323113"><strong id="obs_40_0003__b9519356111915">Condition</strong><p id="obs_40_0003__p661315382320">When creating a custom policy, you can add condition elements to control when the policy takes effect. A condition consists of a condition key and an operator. Condition keys are either global or service-level and are used in the condition elements of a policy statement. Global condition keys (starting with <strong id="obs_40_0003__b13570192819160">g:</strong>) are available for actions of all services, while service-level condition keys (starting with a service name acronym like <strong id="obs_40_0003__b257622817165">obs:</strong>) are available only for actions of a specific service. An operator is used together with a condition key to form a complete condition statement.</p>
-<p id="obs_40_0003__p127971145181115">OBS has a group of predefined condition keys that can be used in IAM. For example, to define an allow permission, you can use the condition key <strong id="obs_40_0003__b36524646184949">obs:SourceIp</strong> to filter matching requesters by IP address.</p>
-<p id="obs_40_0003__p0759173317410">The condition keys and operators supported by OBS are the same as those in the bucket policy. When configuring condition keys in IAM, start the condition keys and operators with <strong id="obs_40_0003__b190245174384949">obs:</strong>. For detailed condition information, see <a href="obs_40_0041.html">Bucket Policy Parameters</a>.</p>
-<p id="obs_40_0003__p47313304358">The value of <strong id="obs_40_0003__b91382117984949">Condition</strong> can contain only uppercase letters (A to Z), lowercase letters (a to z), digits (0 to 9), and the following characters: <strong id="obs_40_0003__b19672154383717">-,./_@#$%&amp;</strong>. If the value contains unsupported characters, consider using the condition operators (such as StringLike and StringStartWith) for fuzzy match.</p>
+<ul id="obs_40_0003__ul1640191817385"><li id="obs_40_0003__li22311821183817"><strong id="obs_40_0003__b66660796384949">obs:*:*:bucket:*</strong>: all OBS buckets</li><li id="obs_40_0003__li18771111553812"><strong id="obs_40_0003__b4229528122512">obs:*:*:object:my-bucket/my-object/*</strong>: all objects in the <span class="filepath" id="obs_40_0003__filepath123019282258"><b>my-object</b></span> directory of bucket <strong id="obs_40_0003__b1823011288259">my-bucket</strong></li></ul>
+</li><li id="obs_40_0003__li1543682323113"><strong id="obs_40_0003__b9519356111915">Condition</strong><p id="obs_40_0003__p661315382320">When creating a custom policy, you can add conditions to control when the policy takes effect. A condition consists of a condition key and an operator. Condition keys are either global or service-level. Global condition keys (starting with <strong id="obs_40_0003__b13570192819160">g:</strong>) are available for actions on all services, while service-level condition keys (starting with a service name acronym like <strong id="obs_40_0003__b257622817165">obs:</strong>) are available only for actions on a specific service. An operator is used together with a condition key to form a complete condition statement.</p>
+<p id="obs_40_0003__p127971145181115">OBS has predefined a group of condition keys for use in IAM. For example, you can use the condition key <strong id="obs_40_0003__b36524646184949">obs:SourceIp</strong> to allow access from a specific IP address.</p>
+<p id="obs_40_0003__p0759173317410">The condition keys and operators supported by OBS are the same as those in the bucket policy. When configuring condition keys in IAM, start the condition keys and operators with <strong id="obs_40_0003__b190245174384949">obs:</strong>. For detailed conditions, see <a href="obs_40_0041.html">Bucket Policy Parameters</a>.</p>
+<p id="obs_40_0003__p47313304358">The value of <strong id="obs_40_0003__b91382117984949">Condition</strong> can only contain uppercase letters (A to Z), lowercase letters (a to z), digits (0 to 9), and the following characters: <strong id="obs_40_0003__b19672154383717">-,./_@#$%&amp;</strong>. If you want to specify unsupported characters, use the condition operators (like StringMatch) for fuzzy match.</p>
 <p id="obs_40_0003__p2065131212304">Examples:</p>
 <ul id="obs_40_0003__ul1651171243020"><li id="obs_40_0003__li196519122305"><strong id="obs_40_0003__b151819712569">StringEndWithIfExists":{"g:UserName":["specialCharacter"]}</strong>: The statement is valid for users whose names end with <strong id="obs_40_0003__b2519127155610">specialCharacter</strong>.</li><li id="obs_40_0003__li8928125071114"><strong id="obs_40_0003__b116743742484949">"StringLike":{"obs:prefix":["private/"]}</strong>: When listing objects in a bucket, you need to set prefix to <strong id="obs_40_0003__b72382026184949">private/</strong> or include <strong id="obs_40_0003__b25112974184949">private/</strong>.</li></ul>
 </li></ul>
@@ -755,10 +800,10 @@
 </table>
 </div>
 </div>
-<div class="section" id="obs_40_0003__section2423153122212"><h4 class="sectiontitle">Configuring IAM Permissions</h4><ul id="obs_40_0003__ul534752615475"><li id="obs_40_0003__li7215183192717"><a href="https://docs.otc.t-systems.com/en-us/usermanual/obs/obs_03_0122.html" target="_blank" rel="noopener noreferrer">Creating a User and Granting OBS Permissions</a></li><li id="obs_40_0003__li12684748112818"><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/en-us_topic_0274187246.html" target="_blank" rel="noopener noreferrer">Creating a Custom Policy</a></li></ul>
+<div class="section" id="obs_40_0003__section2423153122212"><h4 class="sectiontitle">Configuring IAM Permissions</h4><ul id="obs_40_0003__ul534752615475"><li id="obs_40_0003__li7215183192717"><a href="https://docs.otc.t-systems.com/en-us/usermanual/obs/obs_03_0122.html" target="_blank" rel="noopener noreferrer">Creating a User and Granting OBS Permissions</a></li><li id="obs_40_0003__li12684748112818"><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0016.html" target="_blank" rel="noopener noreferrer">Creating a Custom Policy</a></li></ul>
 </div>
-<div class="section" id="obs_40_0003__section13402164013368"><h4 class="sectiontitle">Example Custom Policies</h4><ul id="obs_40_0003__ul10182135619226"><li id="obs_40_0003__li157689265447"><strong id="obs_40_0003__b208951715115712">Example 1: Grant all OBS permissions to users.</strong><p id="obs_40_0003__p46653263312">This policy allows users to perform any operation on OBS using the API, SDKs, OBS Console, or tools.</p>
-<div class="p" id="obs_40_0003__p339253017318">When a user logs in to OBS Console, the user accesses resources of other services, such as audit information in CTS, acceleration domain names in CDN, and keys in KMS. Therefore, in addition to the OBS permissions, you need to grant users the permissions for other services. CDN is a global service, while CTS, SMN, and KMS are regional ones. You need to configure the <strong id="obs_40_0003__b639233210195">Tenant Guest</strong> permission for the global project and regional projects based on the services and regions that you use.<pre class="screen" id="obs_40_0003__screen55823101111">{
+<div class="section" id="obs_40_0003__section13402164013368"><h4 class="sectiontitle">Example Custom Policies</h4><ul id="obs_40_0003__ul10182135619226"><li id="obs_40_0003__li157689265447"><strong id="obs_40_0003__b208951715115712">Example 1: Grant permissions that allow full access to OBS.</strong><p id="obs_40_0003__p46653263312">This policy allows users to perform any operation on OBS using the API, SDKs, OBS Console, or tools.</p>
+<div class="p" id="obs_40_0003__p339253017318">If a user logs in to OBS Console and also accesses resources of other services, such as audit information in CTS, acceleration domain names in CDN, and keys in KMS, in addition to the OBS permissions, you need to grant users the permissions to access these services. CDN is a global service. CTS, SMN, and KMS are regional services. You need to configure the <strong id="obs_40_0003__b639233210195">Tenant Guest</strong> permission for the global project and regional projects based on the services and regions that you use.<pre class="screen" id="obs_40_0003__screen55823101111">{
     "Version": "1.1",
     "Statement": [
         {
@@ -770,7 +815,7 @@
     ]
 }</pre>
 </div>
-</li><li id="obs_40_0003__li1499001214237"><strong id="obs_40_0003__b17460142710573">Example 2: Grant the read-only permission on a bucket to users (any directory).</strong><div class="p" id="obs_40_0003__p0659712132814">This policy allows users to list and download all objects in bucket <strong id="obs_40_0003__b184697701884949">obs-example</strong>.<pre class="screen" id="obs_40_0003__screen1715419122288">{
+</li><li id="obs_40_0003__li1499001214237"><strong id="obs_40_0003__b17460142710573">Example 2: Grant permissions that allow read-only access to a bucket (any directory).</strong><div class="p" id="obs_40_0003__p0659712132814">This policy allows users to list and download all objects from bucket <strong id="obs_40_0003__b184697701884949">obs-example</strong>.<pre class="screen" id="obs_40_0003__screen1715419122288">{
     "Version": "1.1",
     "Statement": [
         {
@@ -787,7 +832,7 @@
     ]
 }</pre>
 </div>
-</li><li id="obs_40_0003__li1178134122714"><strong id="obs_40_0003__b111181932135715">Example 3: Grant the read-only permission on a bucket to users (specified directory).</strong><div class="p" id="obs_40_0003__p1316275917297">This policy allows users to only download objects in the <strong id="obs_40_0003__b6650276684949">my-project/</strong> directory of bucket <strong id="obs_40_0003__b158239804384949">obs-example</strong>. Objects in other directories can be listed but cannot be downloaded.<pre class="screen" id="obs_40_0003__screen1570175817291">{
+</li><li id="obs_40_0003__li1178134122714"><strong id="obs_40_0003__b111181932135715">Example 3: Grant permissions that allow read-only access to a bucket (a specified directory).</strong><div class="p" id="obs_40_0003__p1316275917297">This policy allows users to download objects only from the <strong id="obs_40_0003__b6650276684949">my-project/</strong> directory of bucket <strong id="obs_40_0003__b158239804384949">obs-example</strong>. Objects in other directories can be listed but cannot be downloaded.<pre class="screen" id="obs_40_0003__screen1570175817291">{
     "Version": "1.1",
     "Statement": [
         {
@@ -804,7 +849,7 @@
     ]
 }</pre>
 </div>
-</li><li id="obs_40_0003__li7252849112918"><strong id="obs_40_0003__b64743715717">Example 4: Grant the read and write permissions on a bucket to users (specified directory).</strong><div class="p" id="obs_40_0003__p15698820153316">This policy allows users to list, download, upload, and delete objects in the <strong id="obs_40_0003__b111284578884949">my-project</strong> directory of bucket <strong id="obs_40_0003__b193695910384949">obs-example</strong>.<pre class="screen" id="obs_40_0003__screen16250020173311">{
+</li><li id="obs_40_0003__li7252849112918"><strong id="obs_40_0003__b64743715717">Example 4: Grant permissions that allow read and write access to a bucket (a specified directory).</strong><div class="p" id="obs_40_0003__p15698820153316">This policy allows users to list, download, upload, and delete objects in the <strong id="obs_40_0003__b111284578884949">my-project</strong> directory of bucket <strong id="obs_40_0003__b193695910384949">obs-example</strong>.<pre class="screen" id="obs_40_0003__screen16250020173311">{
     "Version": "1.1",
     "Statement": [
         {
@@ -824,7 +869,7 @@
     ]
 }</pre>
 </div>
-</li><li id="obs_40_0003__li13633157133316"><strong id="obs_40_0003__b125809423570">Example 5: Grant all permissions on a bucket to users.</strong><div class="p" id="obs_40_0003__p101733273710">This policy allows users to perform any operation on bucket <strong id="obs_40_0003__b177251530384949">obs-example</strong>.<pre class="screen" id="obs_40_0003__screen1740510316374">{
+</li><li id="obs_40_0003__li13633157133316"><strong id="obs_40_0003__b125809423570">Example 5: Grant permissions that allow full access to a bucket.</strong><div class="p" id="obs_40_0003__p101733273710">This policy allows users to perform any operation on bucket <strong id="obs_40_0003__b177251530384949">obs-example</strong>.<pre class="screen" id="obs_40_0003__screen1740510316374">{
     "Version": "1.1",
     "Statement": [
         {
@@ -840,20 +885,20 @@
     ]
 }</pre>
 </div>
-</li><li id="obs_40_0003__li838854165119"><strong id="obs_40_0003__b778424912574">Example 6: Deny a user the permission to upload objects.</strong><p id="obs_40_0003__p106331061322">A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.</p>
-<p id="obs_40_0003__p66331861212">The following method can be used if you need to assign permissions of the <strong id="obs_40_0003__b23646550484949">OBS OperateAccess</strong> policy to a user but also forbid the user from uploading objects. Create a custom policy for denying object upload, and assign both policies to the user. Then the user can perform all <strong id="obs_40_0003__b52187483984949">OBS OperateAccess</strong> permissions except uploading objects. The following is an example of a deny policy:</p>
-<pre class="screen" id="obs_40_0003__screen963476425">{ 
-         "Version": "1.1", 
-         "Statement": [ 
-                 {
-                         "Effect": "Deny", 
-                         "Action": [ 
-                                 "obs:object:PutObject" 
-                         ]
-                 }
-         ]
+</li><li id="obs_40_0003__li838854165119"><strong id="obs_40_0003__b19313332185120">Example 6: Deny object upload.</strong><p id="obs_40_0003__p106331061322">A policy with only <strong id="obs_40_0003__b9257181419529">Deny</strong> statements must be used together other policies. If the policy assigned to a user contains both <strong id="obs_40_0003__b171318545304">Allow</strong> and <strong id="obs_40_0003__b1071425410300">Deny</strong> statements, the <strong id="obs_40_0003__b87141654203020">Deny</strong> statement take precedence over the <strong id="obs_40_0003__b127141554153019">Allow</strong> statement.</p>
+<p id="obs_40_0003__p66331861212">If you need to assign <strong id="obs_40_0003__b23646550484949">OBS OperateAccess</strong> permissions to a user but prevent the user from uploading objects, you can create a custom policy to deny object upload, and assign this custom policy and <strong id="obs_40_0003__b75819166573">OBS OperateAccess</strong> to the user. Then the user can perform all operations allowed by <strong id="obs_40_0003__b52187483984949">OBS OperateAccess</strong> except for uploading objects. The following is an example of a deny policy:</p>
+<pre class="screen" id="obs_40_0003__screen963476425">{
+    "Version": "1.1",
+    "Statement": [
+        {
+            "Effect": "Deny",
+            "Action": [
+                "obs:object:PutObject"
+            ]
+        }
+    ]
 }</pre>
-</li><li id="obs_40_0003__li208291459112"><strong id="obs_40_0003__b520410311504">Example 7: Grant users the permissions required to change a bucket's storage class and to delete certain objects in the bucket.</strong><p id="obs_40_0003__p5531191010211">This policy allows users to change the storage class of bucket <strong id="obs_40_0003__b965327936">obs-example</strong> and to delete object <strong id="obs_40_0003__b10590531940">my-object.txt</strong> in the bucket.</p>
+</li><li id="obs_40_0003__li208291459112"><strong id="obs_40_0003__b520410311504">Example 7: Grant the permissions to change a bucket's storage class and delete certain objects from the bucket.</strong><p id="obs_40_0003__p5531191010211">This policy allows users to change the storage class of bucket <strong id="obs_40_0003__b965327936">obs-example</strong> and to delete object <strong id="obs_40_0003__b10590531940">my-object.txt</strong> from the bucket.</p>
 <pre class="screen" id="obs_40_0003__screen197811723101">{
     "Version": "1.1",
     "Statement": [
@@ -882,7 +927,7 @@
 </div>
 <div>
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0002.html">Permission Control Mechanisms</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0002.html">Permission Control Methods</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0004.html b/docs/obs/perms-cfg/obs_40_0004.html
index 14b9d91f..c24bb4a1 100644
--- a/docs/obs/perms-cfg/obs_40_0004.html
+++ b/docs/obs/perms-cfg/obs_40_0004.html
@@ -1,8 +1,8 @@
 <a name="obs_40_0004"></a><a name="obs_40_0004"></a>
 
 <h1 class="topictitle1">Bucket Policies</h1>
-<div id="body1588766432188"><div class="section" id="obs_40_0004__section7601193912719"><h4 class="sectiontitle">Overview</h4><p id="obs_40_0004__p3671173512916">A bucket policy applies to an <span id="obs_40_0004__ph196711355292">OBS</span> bucket and objects in the bucket. By leveraging bucket policies, the owner of a bucket can authorize IAM users or other accounts the permissions to operate the bucket and objects in the bucket.</p>
-<div class="note" id="obs_40_0004__note209741028171818"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="obs_40_0004__ul204679179594"><li id="obs_40_0004__li11467217155912">Creating a bucket and obtaining a bucket list are service-level operations. To obtain such operation permissions, you need to configure <a href="obs_40_0014.html">IAM permissions</a>.</li><li id="obs_40_0004__li9467101715598">Due to data caching, after a bucket policy is configured, it takes 5 minutes at most for the policy to take effect.</li></ul>
+<div id="body1588766432188"><div class="section" id="obs_40_0004__section7601193912719"><h4 class="sectiontitle">Overview</h4><p id="obs_40_0004__p3671173512916">A bucket policy applies to an <span id="obs_40_0004__ph196711355292">OBS</span> bucket and the objects in the bucket. Bucket policies let a bucket owner grant IAM users or other accounts permissions on the bucket and its objects.</p>
+<div class="note" id="obs_40_0004__note209741028171818"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="obs_40_0004__ul204679179594"><li id="obs_40_0004__li11467217155912">Creating a bucket and obtaining a bucket list are service-level operations. To obtain such operation permissions, you need to configure <a href="obs_40_0014.html">IAM permissions</a>.</li><li id="obs_40_0004__li9467101715598">Due to data caching, it takes 5 minutes at most for a bucket policy to take effect.</li></ul>
 </div></div>
 </div>
 <div class="section" id="obs_40_0004__section11947155545"><h4 class="sectiontitle">Bucket Policy Overview</h4><p id="obs_40_0004__p20513012512">A bucket policy is attached to a bucket and objects in the bucket. An OBS bucket owner can use bucket policies to grant IAM users, other accounts, or anonymous users the permissions to operate buckets and objects in the buckets. OBS provides standard and advanced bucket policies.</p>
@@ -71,11 +71,11 @@
 </div>
 <p id="obs_40_0004__p102285401236"><strong id="obs_40_0004__b167989536314">Custom Bucket Policy</strong>:</p>
 <p id="obs_40_0004__p385655915198">The following three modes are provided to facilitate quick configuration of a custom bucket policy:</p>
-<ul id="obs_40_0004__ul8780438183815"><li id="obs_40_0004__li14780838163818"><strong id="obs_40_0004__b564742511102153">Read-only</strong>: With the <strong id="obs_40_0004__b1204129045102153">Read-only</strong> mode, you only need to specify the <strong id="obs_40_0004__b1903280500102153">Principal</strong> (authorized users). Then the authorized users have the read permission for the bucket and objects in the bucket, and can perform all GET operations on these resources.</li><li id="obs_40_0004__li11780438103816"><strong id="obs_40_0004__b1582138021102153">Read and write</strong>: With the <strong id="obs_40_0004__b315861430102153">Read and write</strong> mode, you only need to specify the <strong id="obs_40_0004__b103026638102153">Principal</strong> (authorized users). Then the authorized users have the full control permissions for the bucket and objects in the bucket, and can perform any operation on these resources.</li><li id="obs_40_0004__li15780138123814"><strong id="obs_40_0004__b921310667102153">Customized</strong>: With the <strong id="obs_40_0004__b1936822727102153">Customized</strong> mode, you can define the specific operation permissions that you want to authorize to users and accounts by configuring the parameters of <strong id="obs_40_0004__b1456455213102153">Effect</strong>, <strong id="obs_40_0004__b2136251359102153">Principal</strong>, <strong id="obs_40_0004__b435592627102153">Resources</strong>, <strong id="obs_40_0004__b1719064803102153">Actions</strong>, and <strong id="obs_40_0004__b1298345174102153">Conditions</strong>. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/obs/obs_03_0074.html" target="_blank" rel="noopener noreferrer">Bucket Policy Parameters</a>.</li></ul>
+<ul id="obs_40_0004__ul8780438183815"><li id="obs_40_0004__li14780838163818"><strong id="obs_40_0004__b564742511102153">Read-only</strong>: With the <strong id="obs_40_0004__b1204129045102153">Read-only</strong> mode, you only need to specify the <strong id="obs_40_0004__b1903280500102153">Principal</strong> (authorized users). Then the authorized users have the read permission for the bucket and objects in the bucket, and can perform all GET operations on these resources.</li><li id="obs_40_0004__li11780438103816"><strong id="obs_40_0004__b1582138021102153">Read and write</strong>: With the <strong id="obs_40_0004__b315861430102153">Read and write</strong> mode, you only need to specify the <strong id="obs_40_0004__b103026638102153">Principal</strong> (authorized users). Then the authorized users have the full control permissions for the bucket and objects in the bucket, and can perform any operation on these resources.</li><li id="obs_40_0004__li1557792912920"><strong id="obs_40_0004__b740115263417">Customized</strong>: With the <strong id="obs_40_0004__b541125213346">Customized</strong> mode, you can define the specific operation permissions that you want to authorize to users and accounts by configuring the parameters of <strong id="obs_40_0004__b114185213420">Effect</strong>, <strong id="obs_40_0004__b164185293415">Principal</strong>, <strong id="obs_40_0004__b941175215345">Resources</strong>, <strong id="obs_40_0004__b1741185216347">Actions</strong>, and <strong id="obs_40_0004__b641652163416">Conditions</strong>. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/obs/obs_03_0074.html" target="_blank" rel="noopener noreferrer">Bucket Policy Parameters</a>.</li></ul>
 <div class="note" id="obs_40_0004__note154003135617"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0004__p134001713961">On OBS Console, when you use the custom bucket policy to authorize other users with resource operation permissions, you also need to authorize the users with the bucket read permission <strong id="obs_40_0004__b521955623102153">ListBucket</strong> (leave the resource name blank to indicate that the policy takes effect on the entire bucket). Otherwise, the users have no permission to access the bucket.</p>
 </div></div>
 </div>
-<div class="section" id="obs_40_0004__section15235811516"><h4 class="sectiontitle">Bucket Policy Application Scenarios</h4><ul id="obs_40_0004__ul7761857101919"><li id="obs_40_0004__li53131829181412">You can use bucket policies to grant other accounts the permissions to access OBS resources.</li><li id="obs_40_0004__li931310297146">You can configure bucket policies to grant IAM users various access permissions to different buckets.</li></ul>
+<div class="section" id="obs_40_0004__section15235811516"><h4 class="sectiontitle">Application Scenarios of a Bucket Policy</h4><ul id="obs_40_0004__ul7761857101919"><li id="obs_40_0004__li53131829181412">Grant other accounts the permissions to access OBS resources.</li><li id="obs_40_0004__li931310297146">Grant IAM users the permissions to access buckets.</li></ul>
 </div>
 <div class="section" id="obs_40_0004__section33297445291"><h4 class="sectiontitle">Policy Structure and Syntax</h4><div class="msonormal" id="obs_40_0004__p6480821">A bucket policy is in JSON format. The format is as follows:<pre class="screen" id="obs_40_0004__screen1671243035119">{ 
 "Statement" : [
@@ -89,33 +89,33 @@
   ]
 }</pre>
 </div>
-<div class="p" id="obs_40_0004__p578602465111">Example:<pre class="screen" id="obs_40_0004__screen866121133215"><span style="color:#222222;">{</span>
-<span style="color:#222222;">   "Statement":[</span>
-<span style="color:#222222;">       {</span>
+<div class="p" id="obs_40_0004__p578602465111">Example:<pre class="screen" id="obs_40_0004__screen866121133215">{
+   "Statement":[
+       {
            "Sid": "ExampleStatementID1",
-<span style="color:#222222;">           "Principal":{</span>
-<span style="color:#222222;">               "ID":[</span>
+           "Principal":{
+               "ID":[
                    "domain/<em id="obs_40_0004__i1129343493419">account ID</em>", 
                    "domain/<em id="obs_40_0004__i12293143410341">account ID</em>:user/<em id="obs_40_0004__i629313453411">User ID</em>" 
-<span style="color:#222222;">               ]</span>
-<span style="color:#222222;">           },</span>
-<span style="color:#222222;">           "Effect":"Allow",</span>
-<span style="color:#222222;">           "Action":[</span>
-<span style="color:#222222;">               "CreateBucket",</span>
-<span style="color:#222222;">               "DeleteBucket"</span>
-<span style="color:#222222;">           ],</span>
-<span style="color:#222222;">           "Resource":"000-02/key01",</span>
-<span style="color:#222222;">           "Condition":{</span>
-<span style="color:#222222;">               "NumericNotEquals":{</span>
-<span style="color:#222222;">                   "Referer":"sdf"</span>
-<span style="color:#222222;">               },</span>
-<span style="color:#222222;">               "StringNotLike":{</span>
-<span style="color:#222222;">                   "Delimiter":"ouio"</span>
-<span style="color:#222222;">               }</span>
-<span style="color:#222222;">           }</span>
-<span style="color:#222222;">       }</span>
-<span style="color:#222222;">   ]</span>
-<span style="color:#222222;"> }</span></pre>
+               ]
+           },
+           "Effect":"Allow",
+           "Action":[
+               "CreateBucket",
+               "DeleteBucket"
+           ],
+           "Resource":"000-02/key01",
+           "Condition":{
+               "NumericNotEquals":{
+                   "Referer":"sdf"
+               },
+               "StringNotLike":{
+                   "Delimiter":"ouio"
+               }
+           }
+       }
+   ]
+ }</pre>
 </div>
 <p class="msonormal" id="obs_40_0004__p26302712">A bucket policy comprises one or more statements. Each statement contains the following elements:</p>
 
@@ -158,14 +158,14 @@
 </tr>
 <tr id="obs_40_0004__row63024326"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.4.5.2.4.1.1 "><p id="obs_40_0004__p4696792">Action</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.4.5.2.4.1.2 "><p id="obs_40_0004__p44895895">Actions which a statement applies to. This parameter specifies a set of all the operations supported by OBS. Its values are case insensitive. The value supports a wildcard character (*) that indicates all actions, for example, <strong id="obs_40_0004__b58700156238">"Action":["List*", "Get*"]</strong>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.4.5.2.4.1.2 "><p id="obs_40_0004__p44895895">Actions which a statement applies to. This parameter specifies a set of all the operations supported by OBS. Its values are case insensitive. You can use a wildcard character (*) to indicate all actions, for example, <strong id="obs_40_0004__b17235616183915">"Action":["List*", "Get*"]</strong>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.4.5.2.4.1.3 "><p id="obs_40_0004__p12688874">Optional. Select either <strong id="obs_40_0004__b1050577407102153">Action</strong> or <strong id="obs_40_0004__b1866439694102153">NotAction</strong>.</p>
 </td>
 </tr>
 <tr id="obs_40_0004__row47091007"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.4.5.2.4.1.1 "><p id="obs_40_0004__p56275212">NotAction</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.4.5.2.4.1.2 "><p id="obs_40_0004__p61998305">An exception to a list of actions in the statement. All actions are performed except the one specified in <strong id="obs_40_0004__b234211998102153">NotAction</strong>. The value of this element is similar to <strong id="obs_40_0004__b588199787102153">Action</strong>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.4.5.2.4.1.2 "><p id="obs_40_0004__p61998305">An exception to a list of actions in the statement. All actions are performed except the ones specified in <strong id="obs_40_0004__b17631526114812">NotAction</strong>. The value of this element is similar to <strong id="obs_40_0004__b588199787102153">Action</strong>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.4.5.2.4.1.3 "><p id="obs_40_0004__p55806823">Optional. Select either <strong id="obs_40_0004__b1588093475102153">Action</strong> or <strong id="obs_40_0004__b887754746102153">NotAction</strong>.</p>
 </td>
@@ -198,7 +198,7 @@
 </div>
 <div class="section" id="obs_40_0004__section8115174519452"><h4 class="sectiontitle">Configuring a Bucket Policy</h4><ul id="obs_40_0004__ul6926194364716"><li id="obs_40_0004__li10864112411449"><a href="https://docs.otc.t-systems.com/en-us/usermanual/obs/obs_03_0142.html" target="_blank" rel="noopener noreferrer">Configuring a Standard Bucket Policy</a></li><li id="obs_40_0004__li209031848174415"><a href="https://docs.otc.t-systems.com/en-us/usermanual/obs/obs_03_0123.html" target="_blank" rel="noopener noreferrer">Configuring a Custom Bucket Policy (Common Mode)</a></li><li id="obs_40_0004__li8569863379"><a href="https://docs.otc.t-systems.com/en-us/usermanual/obs/obs_03_0141.html" target="_blank" rel="noopener noreferrer">Configuring a Custom Bucket Policy (Coding Mode)</a></li></ul>
 </div>
-<div class="section" id="obs_40_0004__section991518516457"><h4 class="sectiontitle">Bucket Policy Example</h4><ul id="obs_40_0004__ul251413712531"><li id="obs_40_0004__li651413711535"><strong id="obs_40_0004__b10416462153">Example 1: grant an IAM user the specified operation permission on all objects in a specified bucket.</strong><p id="obs_40_0004__p6597175419536">The following example policy grants the PutObject and PutObjectAcl permissions to the IAM user whose ID is <strong id="obs_40_0004__b16455114671513">71f3901173514e6988115ea2c26d1999</strong> under account <strong id="obs_40_0004__b1346114611518">b4bf1b36d9ca43d984fbcb9491b6fce9</strong> (account ID).</p>
+<div class="section" id="obs_40_0004__section991518516457"><h4 class="sectiontitle">Bucket Policy Example</h4><ul id="obs_40_0004__ul251413712531"><li id="obs_40_0004__li651413711535"><strong id="obs_40_0004__b10416462153">Example 1: Grant an IAM user the specified operation permission on all objects in a specified bucket.</strong><p id="obs_40_0004__p6597175419536">The following policy grants the PutObject and PutObjectAcl permissions to the IAM user <strong id="obs_40_0004__b16455114671513">71f3901173514e6988115ea2c26d1999</strong> under account <strong id="obs_40_0004__b1346114611518">b4bf1b36d9ca43d984fbcb9491b6fce9</strong>.</p>
 <pre class="screen" id="obs_40_0004__screen15361871153935">{
     "Statement":[
     {
@@ -210,7 +210,7 @@
     }
   ]
 }</pre>
-</li><li id="obs_40_0004__li353611512530"><strong id="obs_40_0004__b0221123521510">Example 2: Grant all permissions for a specified bucket to an IAM user.</strong><p id="obs_40_0004__p276516413540">The following example policy grants all operation permissions (including bucket operations and object operations) of <strong id="obs_40_0004__b1941411930102153">examplebucket</strong> to the user whose ID is <strong id="obs_40_0004__b1388615963102153">71f3901173514e6988115ea2c26d1999</strong> in account <strong id="obs_40_0004__b1070362009102153">b4bf1b36d9ca43d984fbcb9491b6fce9</strong> (account ID).</p>
+</li><li id="obs_40_0004__li353611512530"><strong id="obs_40_0004__b0221123521510">Example 2: Grant all permissions for a specified bucket to an IAM user.</strong><p id="obs_40_0004__p276516413540">The following policy grants all permissions for bucket <strong id="obs_40_0004__b1941411930102153">examplebucket</strong> and its objects to the user <strong id="obs_40_0004__b1388615963102153">71f3901173514e6988115ea2c26d1999</strong> in account <strong id="obs_40_0004__b1070362009102153">b4bf1b36d9ca43d984fbcb9491b6fce9</strong>.</p>
 <pre class="screen" id="obs_40_0004__screen36025159112336">{
     "Statement":[
     {
@@ -225,7 +225,7 @@
     }
   ]
 }</pre>
-</li><li id="obs_40_0004__li1319113325414"><strong id="obs_40_0004__b047410150">Example 3: Grant all permissions except the object deletion permission to an OBS user.</strong><p id="obs_40_0004__p137095265411">The following example policy grants a user (user ID <strong id="obs_40_0004__b1376071661102153">71f3901173514e6988115ea2c26d1999</strong>) of an account (ID <strong id="obs_40_0004__b2020976271102153">b4bf1b36d9ca43d984fbcb9491b6fce9</strong>) all permissions for the <strong id="obs_40_0004__b1005415538102153">examplebucket</strong> bucket, excluding the permission to delete objects.</p>
+</li><li id="obs_40_0004__li1319113325414"><strong id="obs_40_0004__b047410150">Example 3: Grant all permissions except the object deletion permission to an OBS user.</strong><p id="obs_40_0004__p137095265411">The following policy grants the user <strong id="obs_40_0004__b1376071661102153">71f3901173514e6988115ea2c26d1999</strong> under the account <strong id="obs_40_0004__b2020976271102153">b4bf1b36d9ca43d984fbcb9491b6fce9</strong> all permissions for the <strong id="obs_40_0004__b1005415538102153">examplebucket</strong> bucket, excluding the permission to delete objects.</p>
 <pre class="screen" id="obs_40_0004__screen53220430144528">{
     "Statement":[
     {
@@ -244,7 +244,7 @@
     }
   ]
 }</pre>
-</li><li id="obs_40_0004__li12181163615547"><strong id="obs_40_0004__b841713538159">Example 4: Grant the read-only permission on a specified object to anonymous users.</strong><p id="obs_40_0004__p1176973345516">The following example policy grants the <strong id="obs_40_0004__b102441628102153">GetObject</strong> (download object) permission of <strong id="obs_40_0004__b1405095165102153">exampleobject</strong> in bucket <strong id="obs_40_0004__b1345120852102153">examplebucket</strong> to anonymous users, allowing everyone to read data of the exampleobject object.</p>
+</li><li id="obs_40_0004__li6386153682810"><strong id="obs_40_0004__b8648202614239">Example 4: Grant the read-only permission on a specified object to anonymous users.</strong><p id="obs_40_0004__p1176973345516">The following policy grants anonymous users the <strong id="obs_40_0004__b102441628102153">GetObject</strong> permissions to download object <strong id="obs_40_0004__b1405095165102153">exampleobject</strong> from bucket <strong id="obs_40_0004__b1345120852102153">examplebucket</strong>, allowing everyone to read data of the <strong id="obs_40_0004__b1081811994114">exampleobject</strong> object.</p>
 <pre class="screen" id="obs_40_0004__screen3111597311348">{
     "Statement":[
     {
@@ -256,8 +256,8 @@
     }
   ]
 }</pre>
-</li><li id="obs_40_0004__li17157338165417"><strong id="obs_40_0004__b633217120174">Example 5: Restrict access to a specific IP address.</strong><p id="obs_40_0004__p6364144318555">The following policy grants all users the permission to perform any OBS operation. However, the requests must be from the specified IP address range. The IP address range that is allowed by the statement is 192.168.0.* with an exception of 192.168.0.1.</p>
-<p id="obs_40_0004__p48293335113549">Use <strong id="obs_40_0004__b1448040862102153">IpAddress</strong> and <strong id="obs_40_0004__b757472809102153">NotIpAddress</strong> conditions, and use the <strong id="obs_40_0004__b838352860102153">SourceIp</strong> (in OBS range) condition key. The value of <strong id="obs_40_0004__b875947681102153">SourceIp</strong> is the CIDR notation described in RFC 4632.</p>
+</li><li id="obs_40_0004__li17157338165417"><strong id="obs_40_0004__b633217120174">Example 5: Allow access only from a specific IP address.</strong><p id="obs_40_0004__p6364144318555">The following policy grants the permission to allow users to access from the specific IP address range to perform any operations on OBS. The range is 192.168.0.*, excluding 192.168.0.1.</p>
+<p id="obs_40_0004__p48293335113549">You can use <strong id="obs_40_0004__b1448040862102153">IpAddress</strong> and <strong id="obs_40_0004__b757472809102153">NotIpAddress</strong> conditions, and the <strong id="obs_40_0004__b838352860102153">SourceIp</strong> (in OBS range) condition key. The value of <strong id="obs_40_0004__b875947681102153">SourceIp</strong> is a CIDR notation described in RFC 4632.</p>
 <pre class="screen" id="obs_40_0004__screen51079788113712">{
   "Statement": [
     {
@@ -278,7 +278,7 @@
 </div>
 <div>
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0002.html">Permission Control Mechanisms</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0002.html">Permission Control Methods</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0005.html b/docs/obs/perms-cfg/obs_40_0005.html
index ad27949c..a721ef90 100644
--- a/docs/obs/perms-cfg/obs_40_0005.html
+++ b/docs/obs/perms-cfg/obs_40_0005.html
@@ -1,37 +1,37 @@
 <a name="obs_40_0005"></a><a name="obs_40_0005"></a>
 
 <h1 class="topictitle1">ACLs</h1>
-<div id="body1588766432188"><p id="obs_40_0005__p3143458103015">An ACL is a list that defines grantees and their granted permissions.</p>
+<div id="body1588766432188"><p id="obs_40_0005__p3143458103015">An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular bucket or object.</p>
 <p id="obs_40_0005__p197416513300">Bucket and object ACLs are attached to accounts. By default, an ACL is created when a bucket or object is created, authorizing the owner the full control over the bucket or object.</p>
-<p class="msonormal" id="obs_40_0005__p38156867">To implement simple and practical authorization for users, the OBS ACL has the following features:</p>
-<ul id="obs_40_0005__ul7867488"><li id="obs_40_0005__li20280705">The ACL takes effect for both the account and the users under the account.</li><li id="obs_40_0005__li613818484611">When the owner of a bucket is the same as the owner of an object, the ACL configured on the bucket takes effect on the bucket and objects in the bucket by default.</li><li id="obs_40_0005__li18475112319462">An ACL can be carried when a bucket is created, or an ACL can be configured after a bucket is created. An object can carry an ACL when it is uploaded. You can also configure the ACL after the object is uploaded successfully.</li></ul>
-<p id="obs_40_0005__p47411659300">ACLs are write and read control rules attached to accounts, whose permission granularity is not as fine as bucket policies and IAM policies. Generally, it is recommended that you use IAM permissions and bucket policies for access control.</p>
-<p id="obs_40_0005__p19867229101819"><a href="#obs_40_0005__table177445813209">Table 1</a> lists users to whom you can grant bucket access permissions by configuring an ACL.</p>
+<p class="msonormal" id="obs_40_0005__p38156867">To implement simple and practical authorization for users, OBS ACL has the following features:</p>
+<ul id="obs_40_0005__ul7867488"><li id="obs_40_0005__li20280705">An ACL applies to both the account and the users under the account.</li><li id="obs_40_0005__li613818484611">If a bucket and its objects have the same owner, the ACL configured on the bucket also applies to the objects in the bucket by default.</li><li id="obs_40_0005__li18475112319462">An ACL can be created together with a bucket or its object. You can also configure one after the bucket or object is created.</li></ul>
+<p id="obs_40_0005__p47411659300">ACLs are write and read permissions attached to accounts, and are not as fine-grained as bucket policies and IAM policies. It is recommended that you use IAM permissions and bucket policies for access control.</p>
+<p id="obs_40_0005__p19867229101819">You can grant bucket access permissions to users or user groups listed in <a href="#obs_40_0005__table177445813209">Table 1</a> by configuring an ACL.</p>
 
-<div class="tablenoborder"><a name="obs_40_0005__table177445813209"></a><a name="table177445813209"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table177445813209" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Authorized users supported by OBS</caption><thead align="left"><tr id="obs_40_0005__row5236185882019"><th align="left" class="cellrowborder" valign="top" width="27%" id="mcps1.3.7.2.3.1.1"><p id="obs_40_0005__p4236185812209">Principal</p>
+<div class="tablenoborder"><a name="obs_40_0005__table177445813209"></a><a name="table177445813209"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table177445813209" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Users for whom you can create an ACL to grant bucket access permissions</caption><thead align="left"><tr id="obs_40_0005__row5236185882019"><th align="left" class="cellrowborder" valign="top" width="27%" id="mcps1.3.7.2.3.1.1"><p id="obs_40_0005__p4236185812209">Principal</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="73%" id="mcps1.3.7.2.3.1.2"><p id="obs_40_0005__p0236185811200">Description</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0005__row122361958192016"><td class="cellrowborder" valign="top" width="27%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0005__p1223615586209">Specific User</p>
+<tbody><tr id="obs_40_0005__row122361958192016"><td class="cellrowborder" valign="top" width="27%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0005__p1223615586209">Specific users</p>
 </td>
-<td class="cellrowborder" valign="top" width="73%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0005__p1377083924318">ACLs can be used to grant accounts with bucket/object access permissions. Once a specific account is granted with certain bucket/object access permissions, all IAM users who have OBS resource permissions under this account can have the same access permissions to operate the bucket or object.</p>
-<p id="obs_40_0005__p223612587202">You can configure bucket policies to grant different permissions to different IAM users.</p>
+<td class="cellrowborder" valign="top" width="73%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0005__p1377083924318">ACLs can be used to grant accounts permissions to access buckets and objects. Once a specific account is granted such permissions, all IAM users under this account have the same permissions as this account.</p>
+<p id="obs_40_0005__p223612587202">If you want to grant different permissions to different IAM users, you can configure bucket policies.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row14236115815207"><td class="cellrowborder" valign="top" width="27%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0005__p4237195812018">Owner</p>
 </td>
-<td class="cellrowborder" valign="top" width="73%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0005__p82371758102019">The owner of a bucket is the account that created the bucket. The bucket owner has all bucket access permissions by default. The read and write permissions to the bucket ACL are permanently available to the bucket owner, and cannot be modified.</p>
-<p id="obs_40_0005__p108801457143318">An object owner is the account that uploads the object, but may not be the owner of the bucket that stores the object. The object owner has all control over the object by default. The read and write permissions to the object ACL are permanently available to the object owner, and cannot be modified.</p>
-<div class="notice" id="obs_40_0005__note16704211185110"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="obs_40_0005__p11704131114517">Do not modify the bucket owner's read and write access permissions for the bucket.</p>
+<td class="cellrowborder" valign="top" width="73%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0005__p82371758102019">The owner of a bucket is the account that created the bucket. The bucket owner has all permissions for the bucket by default. The read and write permissions to the bucket ACL are permanently available to the bucket owner, and cannot be modified.</p>
+<p id="obs_40_0005__p108801457143318">An object owner is the account that uploads the object and is not necessarily the owner of the bucket that stores the object. The object owner has all control over the object by default. The read and write permissions to the object ACL are permanently available to the object owner, and cannot be modified.</p>
+<div class="notice" id="obs_40_0005__note16704211185110"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="obs_40_0005__p11704131114517">Do not modify the bucket owner's read and write permissions for the bucket.</p>
 </div></div>
 </td>
 </tr>
 <tr id="obs_40_0005__row0239105872015"><td class="cellrowborder" valign="top" width="27%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0005__p2239658142016">Anonymous users</p>
 </td>
-<td class="cellrowborder" valign="top" width="73%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0005__p112397589206">Visitors who have not registered. If the permissions to access a bucket or an object are granted to anonymous users, everyone can access the object or bucket without identity authentication.</p>
-<div class="notice" id="obs_40_0005__note1437509296"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="obs_40_0005__p122391580206">If the permissions to access a bucket or an object are granted to anonymous users, everyone can access the object or bucket without identity authentication.</p>
+<td class="cellrowborder" valign="top" width="73%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0005__p112397589206">Visitors who have not registered.</p>
+<div class="notice" id="obs_40_0005__note1437509296"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="obs_40_0005__p122391580206">If the permissions to access a bucket or an object are granted to anonymous users, everyone can access the bucket or an object without authentication.</p>
 </div></div>
 </td>
 </tr>
@@ -47,9 +47,9 @@
 </tbody>
 </table>
 </div>
-<div class="section" id="obs_40_0005__section1314334415429"><h4 class="sectiontitle">Bucket ACL</h4><p class="MsoNormal" id="obs_40_0005__p7805019"><a href="#obs_40_0005__table28226836">Table 2</a> lists the access permissions of a bucket ACL.</p>
+<div class="section" id="obs_40_0005__section1314334415429"><h4 class="sectiontitle">Bucket ACL</h4><p class="MsoNormal" id="obs_40_0005__p7805019"><a href="#obs_40_0005__table28226836">Table 2</a> lists the permissions of a bucket ACL.</p>
 
-<div class="tablenoborder"><a name="obs_40_0005__table28226836"></a><a name="table28226836"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table28226836" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Access permissions controlled by a bucket ACL</caption><thead align="left"><tr id="obs_40_0005__row61083978"><th align="left" class="cellrowborder" valign="top" width="19.55%" id="mcps1.3.8.3.2.4.1.1"><p id="obs_40_0005__p55592582172343">Permission Related Concepts</p>
+<div class="tablenoborder"><a name="obs_40_0005__table28226836"></a><a name="table28226836"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table28226836" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Bucket ACL permissions</caption><thead align="left"><tr id="obs_40_0005__row61083978"><th align="left" class="cellrowborder" valign="top" width="19.55%" id="mcps1.3.8.3.2.4.1.1"><p id="obs_40_0005__p55592582172343">Permission</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="14.97%" id="mcps1.3.8.3.2.4.1.2"><p id="obs_40_0005__p48855171">Option</p>
 </th>
@@ -57,43 +57,43 @@
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0005__row26845555"><td class="cellrowborder" rowspan="3" valign="top" width="19.55%" headers="mcps1.3.8.3.2.4.1.1 "><p id="obs_40_0005__p6705326172343">Access to Bucket</p>
+<tbody><tr id="obs_40_0005__row26845555"><td class="cellrowborder" rowspan="3" valign="top" width="19.55%" headers="mcps1.3.8.3.2.4.1.1 "><p id="obs_40_0005__p6705326172343">Access to bucket</p>
 </td>
 <td class="cellrowborder" valign="top" width="14.97%" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p27006329">Read</p>
 </td>
-<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.3.2.4.1.3 "><p id="obs_40_0005__p40029077">A grantee with the read access to a bucket can obtain the list of objects in the bucket and the metadata of the bucket.</p>
+<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.3.2.4.1.3 "><p id="obs_40_0005__p40029077">A user with this permission can obtain the list of objects in a bucket and the metadata of the bucket.</p>
 </td>
 </tr>
-<tr id="obs_40_0005__row178401019116"><td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.1 "><p id="obs_40_0005__p9785191012111">Object read</p>
+<tr id="obs_40_0005__row178401019116"><td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.1 "><p id="obs_40_0005__p9785191012111">Read</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p57852105114">A grantee with this permission can obtain the object content and metadata.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p57852105114">A user with this permission can obtain the object content and metadata.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row21129772"><td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.1 "><p id="obs_40_0005__p33789992">Write</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p52634865">A grantee with the write access to a bucket can upload, overwrite, and delete any object in the bucket.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p52634865">A user with this permission can upload, overwrite, and delete any object in a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row35565678"><td class="cellrowborder" rowspan="2" valign="top" width="19.55%" headers="mcps1.3.8.3.2.4.1.1 "><p id="obs_40_0005__p46542350172415">Access to ACL</p>
 </td>
 <td class="cellrowborder" valign="top" width="14.97%" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p62247688">Read</p>
 </td>
-<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.3.2.4.1.3 "><p id="obs_40_0005__p8897958">A grantee with the read access to a bucket ACL can obtain the ACL of the bucket.</p>
+<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.3.2.4.1.3 "><p id="obs_40_0005__p8897958">A user with this permission can obtain the ACL of the bucket.</p>
 <p id="obs_40_0005__p12972762">The bucket owner has this permission permanently by default.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row49646001"><td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.1 "><p id="obs_40_0005__p61903120">Write</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p48096812">A grantee with the write access to a bucket ACL can update the ACL of the bucket.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.8.3.2.4.1.2 "><p id="obs_40_0005__p48096812">A user with this permission can update the ACL of the bucket.</p>
 <p id="obs_40_0005__p30218124">The bucket owner has this permission permanently by default.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-<p class="MsoNormal" id="obs_40_0005__p933844134616"><a href="#obs_40_0005__table63381242464">Table 3</a> lists the access permissions of an object ACL.</p>
+<p class="MsoNormal" id="obs_40_0005__p933844134616"><a href="#obs_40_0005__table63381242464">Table 3</a> lists the permissions of an object ACL.</p>
 
-<div class="tablenoborder"><a name="obs_40_0005__table63381242464"></a><a name="table63381242464"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table63381242464" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Access permissions controlled by an object ACL</caption><thead align="left"><tr id="obs_40_0005__en-us_topic_0071293615_row61083978"><th align="left" class="cellrowborder" valign="top" width="19.55%" id="mcps1.3.8.5.2.4.1.1"><p id="obs_40_0005__p3671603217261">Permission Related Concepts</p>
+<div class="tablenoborder"><a name="obs_40_0005__table63381242464"></a><a name="table63381242464"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table63381242464" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Object ACL permissions</caption><thead align="left"><tr id="obs_40_0005__en-us_topic_0071293615_row61083978"><th align="left" class="cellrowborder" valign="top" width="19.55%" id="mcps1.3.8.5.2.4.1.1"><p id="obs_40_0005__p3671603217261">Permission</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="14.97%" id="mcps1.3.8.5.2.4.1.2"><p id="obs_40_0005__en-us_topic_0071293615_p48855171">Option</p>
 </th>
@@ -101,43 +101,43 @@
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0005__en-us_topic_0071293615_row26845555"><td class="cellrowborder" valign="top" width="19.55%" headers="mcps1.3.8.5.2.4.1.1 "><p id="obs_40_0005__p2120863117261">Access to Object</p>
+<tbody><tr id="obs_40_0005__en-us_topic_0071293615_row26845555"><td class="cellrowborder" valign="top" width="19.55%" headers="mcps1.3.8.5.2.4.1.1 "><p id="obs_40_0005__p2120863117261">Access to object</p>
 </td>
 <td class="cellrowborder" valign="top" width="14.97%" headers="mcps1.3.8.5.2.4.1.2 "><p id="obs_40_0005__en-us_topic_0071293615_p27006329">Read</p>
 </td>
-<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.5.2.4.1.3 "><p id="obs_40_0005__en-us_topic_0071293615_p40029077">A grantee with the read access to an object can obtain the content and the metadata of the object.</p>
+<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.5.2.4.1.3 "><p id="obs_40_0005__en-us_topic_0071293615_p40029077">A user with this permission can obtain the content and metadata of an object.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__en-us_topic_0071293615_row35565678"><td class="cellrowborder" rowspan="2" valign="top" width="19.55%" headers="mcps1.3.8.5.2.4.1.1 "><p id="obs_40_0005__p3315846717261">Access to ACL</p>
 </td>
 <td class="cellrowborder" valign="top" width="14.97%" headers="mcps1.3.8.5.2.4.1.2 "><p id="obs_40_0005__en-us_topic_0071293615_p62247688">Read</p>
 </td>
-<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.5.2.4.1.3 "><p id="obs_40_0005__en-us_topic_0071293615_p8897958">A grantee with the read access to an object ACL can obtain the ACL of the object.</p>
+<td class="cellrowborder" valign="top" width="65.48%" headers="mcps1.3.8.5.2.4.1.3 "><p id="obs_40_0005__en-us_topic_0071293615_p8897958">A user with this permission can obtain the object ACL.</p>
 <p id="obs_40_0005__en-us_topic_0071293615_p12972762">The object owner has this permission permanently by default.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__en-us_topic_0071293615_row49646001"><td class="cellrowborder" valign="top" headers="mcps1.3.8.5.2.4.1.1 "><p id="obs_40_0005__en-us_topic_0071293615_p61903120">Write</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.8.5.2.4.1.2 "><p id="obs_40_0005__en-us_topic_0071293615_p48096812">A grantee with the write access to an object ACL can update the ACL of the object.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.8.5.2.4.1.2 "><p id="obs_40_0005__en-us_topic_0071293615_p48096812">A user with this permission can update the ACL of the object.</p>
 <p id="obs_40_0005__en-us_topic_0071293615_p30218124">The object owner has this permission permanently by default.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-<div class="note" id="obs_40_0005__note52714937"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="NotesText" id="obs_40_0005__p361055016509">Every time you change the bucket or object access permission setting in an ACL, it overwrites the existing setting instead of adding a new access permission to the bucket or object.</p>
+<div class="note" id="obs_40_0005__note52714937"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="NotesText" id="obs_40_0005__p361055016509">Every time you change the permissions for a bucket or an object in an ACL, it overwrites the existing permissions instead of adding permissions to the bucket or object.</p>
 </div></div>
 </div>
 <div class="section" id="obs_40_0005__section7479813113513"><h4 class="sectiontitle">Application Scenarios of Bucket ACLs</h4><p id="obs_40_0005__p1126835143516">You can configure bucket ACLs to:</p>
-<ul id="obs_40_0005__ul15126135163517"><li id="obs_40_0005__li1315255684317">Grant an account the read and write access to a bucket, so that data in the bucket can be shared or external buckets can be added. For example, after account <strong id="obs_40_0005__b24133252548">A</strong> grants account <strong id="obs_40_0005__b104195256543">B</strong> the read and write access to a bucket, account <strong id="obs_40_0005__b5420102575412">B</strong> can access the bucket by adding an external bucket through OBS Browser+ or using APIs.</li><li id="obs_40_0005__li1695272321013">Grant the log delivery user group with the write access to the target bucket, so that access logs can be delivered to the target bucket.</li></ul>
+<ul id="obs_40_0005__ul15126135163517"><li id="obs_40_0005__li1315255684317">Grant an account the read and write permissions to a bucket, so that this account can add the bucket as an external one and access objects in the bucket. For example, if you grant an account the read and write permissions to a bucket, the account can access the bucket by adding it as an external bucket through OBS Browser+ or by using APIs.</li><li id="obs_40_0005__li1695272321013">Grant the log delivery user group the write permissions to a bucket that stores access logs.</li></ul>
 </div>
 <div class="section" id="obs_40_0005__section41561114217"><h4 class="sectiontitle">Application Scenarios of Object ACLs</h4><p id="obs_40_0005__p14271741479">You can configure object ACLs to:</p>
-<ul id="obs_40_0005__ul113551761771"><li id="obs_40_0005__li17353206077">Control access to objects. A bucket policy can control access to a single object or a set of objects. If you want to further separately control access to a single object in the set of objects for which a bucket policy has been configured, the object ACL is recommended.</li><li id="obs_40_0005__li43531569714">Access an object through a URL. Generally, if you want to grant anonymous users the permission to read an object through a URL, use the object ACL.</li></ul>
+<ul id="obs_40_0005__ul113551761771"><li id="obs_40_0005__li17353206077">Control access to objects. A bucket policy can control access to a single object or a set of objects. If you want to further control access to a single object in the set of objects for which a bucket policy has been configured, use the object ACL.</li><li id="obs_40_0005__li43531569714">Access an object through a URL. If you want to grant anonymous users the permission to read an object through a URL, use the object ACL.</li></ul>
 </div>
 <div class="section" id="obs_40_0005__section431110283446"><h4 class="sectiontitle">Configuring an ACL Using Header Fields</h4><p class="msonormal" id="obs_40_0005__p63120614"><strong id="obs_40_0005__b1992810151486">Access Control Policies</strong></p>
-<p class="msonormal" id="obs_40_0005__p11391323151620">You can set an access control policy in a header when creating a bucket or uploading an object (for details about the examples, see <a href="https://docs.otc.t-systems.com/en-us/api/obs/obs_04_0021.html" target="_blank" rel="noopener noreferrer">Creating a Bucket</a> and <a href="https://docs.otc.t-systems.com/en-us/api/obs/obs_04_0080.html" target="_blank" rel="noopener noreferrer">Uploading Objects - PUT</a>). Only the access control policies predefined in OBS are available. The <strong id="obs_40_0005__b935013794420">x-obs-acl</strong> is special, which can be configured with six types of permissions. No matter what type of permissions is configured, the owner has full control permission for the buckets or objects. The following table lists the predefined policies.</p>
+<p class="msonormal" id="obs_40_0005__p11391323151620">You can set an access control policy in a header when creating a bucket or uploading an object (for details, see <a href="https://docs.otc.t-systems.com/en-us/api/obs/obs_04_0021.html" target="_blank" rel="noopener noreferrer">Creating a Bucket</a> and <a href="https://docs.otc.t-systems.com/en-us/api/obs/obs_04_0080.html" target="_blank" rel="noopener noreferrer">Uploading Objects - PUT</a>). Only the access control policies predefined in OBS are available. The <strong id="obs_40_0005__b935013794420">x-obs-acl</strong> is special, which can be configured with six types of permissions. No matter what type of permissions is configured, the owner has full control permission for the buckets or objects. The following table lists the predefined policies.</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table40200743" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Predefined access control policies in OBS</caption><thead align="left"><tr id="obs_40_0005__row52941605"><th align="left" class="cellrowborder" valign="top" width="26%" id="mcps1.3.11.4.2.3.1.1"><p id="obs_40_0005__p60411613"><strong id="obs_40_0005__b8443332175114">Policy</strong></p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table40200743" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Predefined permissions in OBS</caption><thead align="left"><tr id="obs_40_0005__row52941605"><th align="left" class="cellrowborder" valign="top" width="26%" id="mcps1.3.11.4.2.3.1.1"><p id="obs_40_0005__p60411613">Permission</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="74%" id="mcps1.3.11.4.2.3.1.2"><p id="obs_40_0005__p16651572">Description</p>
 </th>
@@ -145,46 +145,48 @@
 </thead>
 <tbody><tr id="obs_40_0005__row59401073"><td class="cellrowborder" valign="top" width="26%" headers="mcps1.3.11.4.2.3.1.1 "><p id="obs_40_0005__p46757579">private</p>
 </td>
-<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p29267537">Indicates that a bucket or object can be accessed only by its owner.</p>
+<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p29267537">A bucket or an object can be accessed only by its owner.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row62081249"><td class="cellrowborder" valign="top" width="26%" headers="mcps1.3.11.4.2.3.1.1 "><p id="obs_40_0005__p62525269">public-read</p>
 </td>
-<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p7681262117">If this permission is set for a bucket, everyone can obtain the object list, multipart tasks, bucket metadata, and multiple object versions.</p>
+<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p7681262117">If this permission is set for a bucket, everyone can obtain its object list, multipart tasks, and metadata.</p>
 <p id="obs_40_0005__p1968486171118">If this permission is set for an object, everyone can obtain the content and metadata of the object.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row14003072"><td class="cellrowborder" valign="top" width="26%" headers="mcps1.3.11.4.2.3.1.1 "><p id="obs_40_0005__p60507081">public-read-write</p>
 </td>
-<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p0821337182312">If this permission is configured for a bucket, everyone can obtain the object list, multipart uploads, bucket metadata, and object versions, and can upload or delete objects, initiate multipart uploads, upload parts, assemble parts, copy parts, and cancel multipart uploads.</p>
+<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p18254101411313">If this permission is configured for a bucket, everyone can:</p>
+<ul id="obs_40_0005__ul1468931619310"><li id="obs_40_0005__li163531916419">Obtain its object list, multipart uploads, and metadata.</li><li id="obs_40_0005__li19175143859">Upload, delete objects.</li><li id="obs_40_0005__li168917161933">Initiate, cancel multipart uploads, upload, assemble, and copy parts.</li></ul>
 <p id="obs_40_0005__p1585537102310">If this permission is set for an object, everyone can obtain the content and metadata of the object.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row19138812"><td class="cellrowborder" valign="top" width="26%" headers="mcps1.3.11.4.2.3.1.1 "><p id="obs_40_0005__p6739939">public-read-delivered</p>
 </td>
-<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p160339122312">If this permission is set for a bucket, everyone can obtain the object list, multipart tasks, bucket metadata, and multiple object versions, and obtain the content and metadata of the objects in the bucket.</p>
+<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p160339122312">If this permission is set for a bucket, everyone can obtain its object list, multipart tasks, metadata, and obtain the content and metadata of the objects in the bucket.</p>
 <p id="obs_40_0005__p174439142316">This permission does not apply to objects.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row14468745"><td class="cellrowborder" valign="top" width="26%" headers="mcps1.3.11.4.2.3.1.1 "><p id="obs_40_0005__p31117672">public-read-write-delivered</p>
 </td>
-<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p178541201376">If this permission is configured for a bucket, everyone can obtain the object list, multipart uploads, bucket metadata, and object versions, and can upload or delete objects, initiate multipart uploads, upload parts, assemble parts, copy parts, and cancel multipart uploads. Users can also obtain content and metadata of objects in the bucket. </p>
+<td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p19629249596">If this permission is configured for a bucket, everyone can:</p>
+<ul id="obs_40_0005__ul2496128165916"><li id="obs_40_0005__li57464515595">Obtain its object list, multipart uploads, and metadata.</li><li id="obs_40_0005__li10223186112">Upload, delete objects, and obtain content and metadata of objects in the bucket.</li><li id="obs_40_0005__li349619875912">Initiate, cancel multipart uploads, upload, assemble, and copy parts.</li></ul>
 <p id="obs_40_0005__p148581708379">This permission does not apply to objects.</p>
 </td>
 </tr>
 <tr id="obs_40_0005__row7964175710383"><td class="cellrowborder" valign="top" width="26%" headers="mcps1.3.11.4.2.3.1.1 "><p id="obs_40_0005__p3964135716389">bucket-owner-full-control</p>
 </td>
 <td class="cellrowborder" valign="top" width="74%" headers="mcps1.3.11.4.2.3.1.2 "><p id="obs_40_0005__p03281517154816">If this permission is configured for an object, the bucket and object owners have the full control over the object.</p>
-<p id="obs_40_0005__p2278172491410">By default, if you upload an object to a bucket of any other user, the bucket owner does not have the permissions on your object. After you grant this policy to the bucket owner, the bucket owner can have full control over your object.</p>
+<p id="obs_40_0005__p2278172491410">By default, if you upload an object to a bucket of any other user, the bucket owner does not have the permissions on your object. After you grant this permission to the bucket owner, the bucket owner can have full control over your object.</p>
 <p id="obs_40_0005__p8111724182815"> </p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-<div class="note" id="obs_40_0005__note45356040"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="obs_40_0005__p21859552">By default, the access control policy is <strong id="obs_40_0005__b1647151011585">private</strong>.</p>
+<div class="note" id="obs_40_0005__note45356040"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="obs_40_0005__p21859552">By default, the permission is <strong id="obs_40_0005__b1647151011585">private</strong>.</p>
 </div></div>
-<p id="obs_40_0005__p9627101374115">You can also use the following header fields to set access control policies when creating a bucket or uploading an object.</p>
+<p id="obs_40_0005__p9627101374115">You can also use the following header fields to set permissions when creating a bucket or uploading an object.</p>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0005__table1026474564014" frame="border" border="1" rules="all"><caption><b>Table 5 </b>Header fields for setting bucket or object ACLs</caption><thead align="left"><tr id="obs_40_0005__row5265134514018"><th align="left" class="cellrowborder" valign="top" width="24.752475247524753%" id="mcps1.3.11.7.2.3.1.1"><p id="obs_40_0005__p1265845194011">Header</p>
 </th>
@@ -219,13 +221,13 @@
 </tr>
 <tr id="obs_40_0005__row1226924594010"><td class="cellrowborder" valign="top" width="24.752475247524753%" headers="mcps1.3.11.7.2.3.1.1 "><p id="obs_40_0005__p5269245124015">x-obs-grant-read-delivered</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.24752475247524%" headers="mcps1.3.11.7.2.3.1.2 "><p id="obs_40_0005__p98455569453">Used to grant the READ permission for buckets and objects in the buckets to all users in a specific account, and objects inherit the permissions of their bucket.</p>
+<td class="cellrowborder" valign="top" width="75.24752475247524%" headers="mcps1.3.11.7.2.3.1.2 "><p id="obs_40_0005__p98455569453">Used to grant the READ permission for buckets and their objects to all users in a specific account, and objects inherit the permissions of their bucket.</p>
 <p id="obs_40_0005__p1129589506">This permission does not apply to objects.</p>
 </td>
 </tr>
-<tr id="obs_40_0005__row6401452114416"><td class="cellrowborder" valign="top" width="24.752475247524753%" headers="mcps1.3.11.7.2.3.1.1 "><p id="obs_40_0005__p15401752174419">x-obs-grant- full-control- delivered</p>
+<tr id="obs_40_0005__row6401452114416"><td class="cellrowborder" valign="top" width="24.752475247524753%" headers="mcps1.3.11.7.2.3.1.1 "><p id="obs_40_0005__p15401752174419">x-obs-grant-full-control-delivered</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.24752475247524%" headers="mcps1.3.11.7.2.3.1.2 "><p id="obs_40_0005__p0402652194418">Used to grant the FULL_CONTROL permission for buckets and objects in the buckets to all users in a specific account, and objects inherit the permissions of their bucket.</p>
+<td class="cellrowborder" valign="top" width="75.24752475247524%" headers="mcps1.3.11.7.2.3.1.2 "><p id="obs_40_0005__p0402652194418">Used to grant the FULL_CONTROL permission for buckets and their objects to all users in a specific account, and objects inherit the permissions of their bucket.</p>
 <p id="obs_40_0005__p11999151710517">This permission does not apply to objects.</p>
 </td>
 </tr>
@@ -236,7 +238,7 @@
 </div>
 <div>
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0002.html">Permission Control Mechanisms</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0002.html">Permission Control Methods</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0007.html b/docs/obs/perms-cfg/obs_40_0007.html
index 28ce3ba9..bef08efc 100644
--- a/docs/obs/perms-cfg/obs_40_0007.html
+++ b/docs/obs/perms-cfg/obs_40_0007.html
@@ -1,10 +1,10 @@
 <a name="obs_40_0007"></a><a name="obs_40_0007"></a>
 
 <h1 class="topictitle1">Accessing OBS Using Permanent Access Keys</h1>
-<div id="body1597061276141"><p id="obs_40_0007__p8384154201114">OBS provides REST APIs that supports authenticated requests and anonymous requests. Anonymous requests are typically used for scenarios that require public access, such as accessing a hosted static website. In most scenarios, accessing OBS resources require authenticated requests. An authenticated request contains a signature value. The signature value is calculated based on the requester's access keys (a pair of AK and SK) as the encryption factor and the specific information carried by the request body. The signature calculation process is included in the SDK. You only need to prepare the access keys when initializing the SDK. Then the signature calculation is implemented automatically. However, if a client uses the REST APIs to develop a program to access OBS, the client needs to calculate the signature based on the signature algorithm defined by the OBS and add the signature to the request.</p>
+<div id="body1597061276141"><p id="obs_40_0007__p8384154201114">OBS REST APIs support authenticated requests and anonymous requests. Anonymous requests are typically used for public access, such as accessing hosted static websites. In most cases, authenticated requests are required for accessing OBS resources. An authenticated request contains a signature value that is calculated based on the requester's access keys (AK and SK) and the specific information carried in the request body. You only need to prepare the access keys for the SDK. The SDK will then automatically calculate the signature for you. However, if a client uses REST APIs to develop a program to access OBS, the client needs to calculate the signature based on the signature algorithm defined by OBS and add the signature to the request.</p>
 <p id="obs_40_0007__p15291241">Users can create permanent access keys (a pair of AK and SK) on the <strong id="obs_40_0007__b536018488218">My Credentials</strong> page.</p>
-<ul id="obs_40_0007__ul36784332"><li id="obs_40_0007__li32558606">AK stands for the access key ID. It is the unique ID associated with the secret access key (SK). An AK is used together with an SK to encrypt and sign a request.</li><li id="obs_40_0007__li24592002">They can identify a request sender and prevent the request from being modified.</li></ul>
-<p class="msonormal" id="obs_40_0007__p62623536">An AK is also the unique identifier of an IAM user. OBS identifies a user based on its AK and SK, and then checks the permissions.</p>
+<ul id="obs_40_0007__ul36784332"><li id="obs_40_0007__li32558606">AK: a unique ID of the secret access key (SK). An AK is used together with an SK to encrypt and sign a request.</li><li id="obs_40_0007__li24592002">SK: a secret access key used together with its AK to verify a request sender and prevent the request from being tampered with.</li></ul>
+<p class="msonormal" id="obs_40_0007__p62623536">An AK can also identify an IAM user. OBS identifies an IAM user by their AK and SK, and then checks whether they have the permissions to access the resources they are requesting.</p>
 <p id="obs_40_0007__p136071453104913">For details about how to obtain the permanent access keys, see <a href="https://docs.otc.t-systems.com/en-us/browsertg/obs/obs_03_1007.html" target="_blank" rel="noopener noreferrer">Where Can I Obtain Access Keys (AK and SK)?</a></p>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0008.html b/docs/obs/perms-cfg/obs_40_0008.html
index 965e65db..0f515b19 100644
--- a/docs/obs/perms-cfg/obs_40_0008.html
+++ b/docs/obs/perms-cfg/obs_40_0008.html
@@ -1,28 +1,28 @@
 <a name="obs_40_0008"></a><a name="obs_40_0008"></a>
 
 <h1 class="topictitle1">Accessing OBS Using Temporary Access Keys</h1>
-<div id="body1597060383204"><div class="section" id="obs_40_0008__section9831018134415"><h4 class="sectiontitle">Temporary Access Keys</h4><p id="obs_40_0008__p13730171513276">OBS can be accessed through temporary access keys and the security token, which can be obtained on IAM. You can assign the temporary access keys (including the security token) to a third-party application and an IAM user, so they can access OBS within a specified period of time.</p>
-<p id="obs_40_0008__p1046714345219">You can obtain the temporary access keys and security token by calling the IAM API in <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a>.</p>
-<p id="obs_40_0008__p15487641192319">Temporary AK/SK and security token comply with the least privilege principle and can be used to temporarily access OBS. When you use a temporary AK/SK pair to call an API for authentication, you must use the temporary AK/SK and security token at the same time and add the <strong id="obs_40_0008__b24394441318">x-obs-security-token</strong> field to the request header.</p>
+<div id="body1597060383204"><div class="section" id="obs_40_0008__section9831018134415"><h4 class="sectiontitle">Temporary Access Keys</h4><p id="obs_40_0008__p13730171513276">You can assign temporary security credentials (including an AK, an SK, and a security token) to a third-party application or an IAM user, so that they can access OBS only for a specified period of time.</p>
+<p id="obs_40_0008__p1046714345219">You can obtain temporary security credentials by calling an IAM API. For details, see <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a>.</p>
+<p id="obs_40_0008__p15487641192319">The least privilege principle is granted for temporary security credentials to ensure security. Both a temporary AK/SK pair and a security token are required to call an API for authentication, which means that the request header needs to include <strong id="obs_40_0008__b24394441318">x-obs-security-token</strong> field.</p>
 <p id="obs_40_0008__p886610168273">Temporary access keys have the following advantages over permanent access keys of IAM users:</p>
-<ul id="obs_40_0008__ul48663167279"><li id="obs_40_0008__li118661716152719">Temporary access keys are valid for 15 minutes to 24 hours. You do not need to expose the permanent access keys of IAM users, reducing security risks.</li><li id="obs_40_0008__li957912263442">When obtaining temporary access keys, you can pass policy parameters to further restrict the temporary permissions granted to users. This ensures that IAM users can effectively control permissions granted to other users.</li></ul>
+<ul id="obs_40_0008__ul48663167279"><li id="obs_40_0008__li118661716152719">Temporary access keys are valid for 15 minutes to 24 hours. Permanent access keys of IAM users are not exposed, reducing the risk of identity theft or fraud.</li><li id="obs_40_0008__li957912263442">When obtaining temporary access keys, you can send the policy parameter to request for the least temporary permissions that can be granted to IAM users.</li></ul>
 <p id="obs_40_0008__p132948119510">For details, see <a href="https://docs.otc.t-systems.com/api_obs/obs/en-us_topic_0125560435.html" target="_blank" rel="noopener noreferrer">Authenticating a Request</a>.</p>
 </div>
-<div class="section" id="obs_40_0008__section114813400459"><h4 class="sectiontitle">Permissions of the Temporary Access Keys</h4><p id="obs_40_0008__p88917031019">When an IAM user calls the IAM API in <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a>, the user can specify parameter <strong id="obs_40_0008__b194816914418">policy</strong> to add a temporary policy for the temporary access keys to further restrict the permissions granted to other users. The format and content of a temporary policy are consistent with those specified in <a href="obs_40_0003.html">IAM Permissions</a>.</p>
-<ul id="obs_40_0008__ul9969419203210"><li id="obs_40_0008__li3649172273215">If policy parameters are not specified, no temporary policies are used. The temporary access keys inherit the IAM user's permissions.</li><li id="obs_40_0008__li220117270328">If policy parameters are specified, a temporary policy is enabled. Then the temporary access keys confine the granted permissions according to the temporary policy and the IAM user permissions.</li></ul>
-<p id="obs_40_0008__p96091528153211">As shown in the following figure, circle 1 indicates the original permissions of an IAM user, and circle 2 indicates the temporary permissions specified by a temporary policy. The overlapped part 3 is the scope of permissions enabled by the temporary access keys.</p>
+<div class="section" id="obs_40_0008__section114813400459"><h4 class="sectiontitle">Permissions of Temporary Access Keys</h4><p id="obs_40_0008__p88917031019">When an IAM user calls the IAM API for <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a>, the user can send the <strong id="obs_40_0008__b194816914418">policy</strong> parameter to add a temporary policy to further restrict the permissions that can be granted to other users. The format and content of a temporary policy should be consistent with those specified in <a href="obs_40_0003.html">IAM Permissions</a>.</p>
+<ul id="obs_40_0008__ul9969419203210"><li id="obs_40_0008__li3649172273215">If the <strong id="obs_40_0008__b755383815918">policy</strong> parameter is not specified, the temporary access keys have the IAM user's permissions.</li><li id="obs_40_0008__li220117270328">If the <strong id="obs_40_0008__b176589621310">policy</strong> parameter is specified, the temporary access keys' permissions are the overlaps between the temporary policy's permissions and the IAM user's permissions.</li></ul>
+<p id="obs_40_0008__p96091528153211">As shown in the following figure, circle 1 indicates an IAM user's permissions, and circle 2 indicates the temporary policy's permissions. The overlapping part 3 is the permissions of the temporary access keys.</p>
 <div class="fignone" id="obs_40_0008__fig479016438362"><span class="figcap"><b>Figure 1 </b>Intersection of IAM user permissions and temporary policy permissions</span><br><span><img id="obs_40_0008__image1769334518330" src="en-us_image_0269157281.png"></span></div>
-<p id="obs_40_0008__p15917195513116"><span style="color:#3D3F43;">Temporary access keys comply with the least privilege principle</span>. Configure a temporary policy within the original permission scope of an IAM user. Otherwise you may be confused about why permissions enabled by a temporary policy are not effective. As illustrated by the following figure, the finally effective permissions are the authorized temporary permissions.</p>
-<div class="fignone" id="obs_40_0008__fig78106108396"><span class="figcap"><b>Figure 2 </b>Restricting temporary permissions within the scope of IAM user permissions</span><br><span><img id="obs_40_0008__image79784541391" src="en-us_image_0269160697.png"></span></div>
-<p id="obs_40_0008__p2062985411216">A temporary policy authentication starts from the Deny statements. Unspecified permissions are denied by default.</p>
-<div class="note" id="obs_40_0008__note1450962491713"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0008__p9509524111715">Therefore, you are advised to specify only the allowed permission.</p>
+<p id="obs_40_0008__p15917195513116">Temporary access keys have the least privilege. You are advised to restrict a temporary policy's permissions within an IAM user's permissions. If a temporary policy's permissions are not all within the IAM user's permissions, the temporary access keys' permissions are definitely not the temporary policy's permissions. As illustrated by the following figure, the finally granted permissions are the temporary policy's permissions.</p>
+<div class="fignone" id="obs_40_0008__fig78106108396"><span class="figcap"><b>Figure 2 </b>Restricting temporary permissions within IAM user permissions</span><br><span><img id="obs_40_0008__image79784541391" src="en-us_image_0269160697.png"></span></div>
+<p id="obs_40_0008__p2062985411216">For a temporary policy's permissions, Deny always overrides Allow. Unspecified permissions are all Deny permissions by default.</p>
+<div class="note" id="obs_40_0008__note1450962491713"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0008__p9509524111715">Therefore, you are advised to specify only Allow permissions.</p>
 </div></div>
 </div>
-<div class="section" id="obs_40_0008__section1586812104015"><h4 class="sectiontitle">Application Scenarios</h4><p id="obs_40_0008__p582375113811">Temporary access keys are used to authorize third parties to temporarily access OBS. For example, some companies have their user management systems, which manage device app users and local enterprise users. These users do not have IAM user permissions, so IAM users can grant temporary access keys to these users when they need to access OBS.</p>
+<div class="section" id="obs_40_0008__section1586812104015"><h4 class="sectiontitle">Application Scenarios</h4><p id="obs_40_0008__p582375113811">Temporary access keys are authorized to third parties to allow them to temporarily access OBS. For example, some companies have user management systems that manage app users and local users. These users do not have IAM user permissions, so IAM can grant temporary access keys to allow these users to temporarily access OBS.</p>
 <p id="obs_40_0008__p2028733765210"><strong id="obs_40_0008__b171291233598">Typical application scenario:</strong></p>
-<p id="obs_40_0008__p1722820165317">A company has a large number of device apps that need to access OBS. Different apps represent different end users who require different access permissions. In this case, temporary access keys can be used to access OBS.</p>
+<p id="obs_40_0008__p1722820165317">A company has a large number of apps that need to access OBS. Different apps require different access permissions. In this case, temporary access keys can be granted to app users to allow them to temporarily access OBS.</p>
 <div class="fignone" id="obs_40_0008__fig1578555615594"><span class="figcap"><b>Figure 3 </b>Application scenarios of temporary access keys</span><br><span><img id="obs_40_0008__image8785185610591" src="en-us_image_0268971273.jpg"></span></div>
-<ol id="obs_40_0008__ol13913571123"><li id="obs_40_0008__li187401810623">If the customer's server can obtain permanent access keys for IAM users, the server can send requests to IAM to generate different temporary access keys for different apps.<p id="obs_40_0008__p1515944241010"><a name="obs_40_0008__li187401810623"></a><a name="li187401810623"></a>IAM users can obtain the temporary access keys and security token by calling the IAM API in <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a>. When calling this API, pass the <strong id="obs_40_0008__b17874234156">policy</strong> parameter to set a temporary policy. An example is provided as follows:</p>
+<ol id="obs_40_0008__ol13913571123"><li id="obs_40_0008__li187401810623">The customer server has permanent access keys, so it can request IAM to generate different temporary access keys for different apps.<p id="obs_40_0008__p1515944241010"><a name="obs_40_0008__li187401810623"></a><a name="li187401810623"></a>IAM users can call the IAM API for <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a>. IAM users can also send the <strong id="obs_40_0008__b17874234156">policy</strong> parameter to request for temporary policy's permissions. An example is provided as follows:</p>
 <pre class="screen" id="obs_40_0008__screen895118193314">{
     "auth": {
         "identity": {
@@ -36,7 +36,7 @@
     }
 }</pre>
 <p id="obs_40_0008__p196416033516">The policy's syntax and format are the same as those specified in <a href="obs_40_0003.html">IAM Permissions</a>.</p>
-</li><li id="obs_40_0008__li02417287213">IAM generates temporary access keys with different permissions and validity periods based on the passed policy parameters and returns the access keys to the customer server.</li><li id="obs_40_0008__li11742153019213">Then the customer server distributes the temporary access keys to device apps that require such permissions.</li><li id="obs_40_0008__li173616331227">A device app can use the temporary access keys to access OBS through OBS SDKs or APIs. Temporary access keys are valid for a short period of time. If the device app needs to prolong its use of OBS, it should send a request to the customer server for updating temporary access keys before they expire.</li></ol>
+</li><li id="obs_40_0008__li02417287213">IAM generates temporary access keys with different permissions and validity periods based on the <strong id="obs_40_0008__b955865417114">policy</strong> parameter and returns the access keys to the customer server.</li><li id="obs_40_0008__li11742153019213">The customer server distributes the temporary access keys to apps.</li><li id="obs_40_0008__li173616331227">Apps can use the temporary access keys to access OBS through OBS SDKs or APIs. Temporary access keys are valid for the specified period of time. If the apps need to prolong the access to OBS, they should request to the customer server to update temporary access keys before they expire.</li></ol>
 </div>
 <div class="section" id="obs_40_0008__section68052393915"><h4 class="sectiontitle">Configuration Example</h4><p id="obs_40_0008__p14371168163915">For details, see <a href="obs_40_0037.html">Granting Temporary Access to OBS</a>.</p>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0009.html b/docs/obs/perms-cfg/obs_40_0009.html
index cf66b4d4..ae58834d 100644
--- a/docs/obs/perms-cfg/obs_40_0009.html
+++ b/docs/obs/perms-cfg/obs_40_0009.html
@@ -1,16 +1,16 @@
 <a name="obs_40_0009"></a><a name="obs_40_0009"></a>
 
 <h1 class="topictitle1">Accessing OBS Using a Temporary URL</h1>
-<div id="body1588766432188"><p id="obs_40_0009__p8235152911353">You can use a temporary URL to access OBS and perform operations such as bucket creation or object upload and download. This section describes how to share objects using a temporary URL.</p>
-<div class="section" id="obs_40_0009__section19994292017"><h4 class="sectiontitle">Sharing Objects</h4><p id="obs_40_0009__p8060118">You can share objects (files or folders) stored in OBS with all users within a specified period.</p>
+<div id="body1588766432188"><p id="obs_40_0009__p8235152911353">You can share a temporary URL to allow other users to access OBS to create buckets and upload and download objects. This section describes how to share a temporary URL to allow other users to temporarily access objects.</p>
+<div class="section" id="obs_40_0009__section19994292017"><h4 class="sectiontitle">Sharing Objects</h4><p id="obs_40_0009__p8060118">You can share a temporary URL to allow other users to access objects (files or folders) for only a specified period of time.</p>
 <p id="obs_40_0009__p485730113312"><strong id="obs_40_0009__b317316469135">Sharing a file</strong></p>
-<p id="obs_40_0009__p728652492213">All URLs generated during file sharing are temporary and remain valid for a limited period of time.</p>
-<p id="obs_40_0009__p23269357438">A temporary URL uses V4 temporarily authorized requests. The following is a temporary URL sample:</p>
-<pre class="screen" id="obs_40_0009__screen732623584313">https://oss.<em id="obs_40_0009__i77546494">regionid</em>.example.region.com/<em id="obs_40_0009__i1717434918">bucketname</em>/<em id="obs_40_0009__i1877416498">objectname</em>?<span style="color:#FF0000;">X-Amz-Algorithm</span>=<em id="obs_40_0009__i1071048494">xxx</em>&amp;<span style="color:#FF0000;">X-Amz-Credential</span>=<em id="obs_40_0009__i11717411494">xxx</em>&amp;<span style="color:#FF0000;">X-Amz-Date</span>=<em id="obs_40_0009__i07047498">xxx</em>&amp;<span style="color:#FF0000;">X-Amz-Expires</span>=900&amp;<span style="color:#FF0000;">X-Amz-Signature</span>=<em id="obs_40_0009__i8713464915">xxx</em>&amp;<span style="color:#FF0000;">X-Amz-SignedHeaders</span>=<em id="obs_40_0009__i1671148498">xxx</em>&amp;<span style="color:#FF0000;">response-content-disposition</span>=<em id="obs_40_0009__i9714484913">xxx</em></pre>
-<p id="obs_40_0009__p78796553521">For details about the temporary authentication and parameters, see <a href="https://docs.otc.t-systems.com/en-us/api_obs/obs/en-us_topic_0125560420.html" target="_blank" rel="noopener noreferrer">V4 Temporarily Authorized Request</a> in the <em id="obs_40_0009__i188166914813">Object Storage Service API Reference</em>. A temporary URL also contains the <strong id="obs_40_0009__b1455482495">response-content-disposition</strong> parameter that defines whether an object is directly downloaded or previewed in a browser when it is accessed. This is determined by the browser based on the <strong id="obs_40_0009__b16555621918">Content-Type</strong> of the shared object.</p>
+<p id="obs_40_0009__p728652492213">All URLs generated during file sharing are temporary and remain valid for a specified period of time.</p>
+<p id="obs_40_0009__p23269357438">A temporary URL uses V4 temporarily authorized requests. The following is an example:</p>
+<pre class="screen" id="obs_40_0009__screen732623584313">https://oss.<em id="obs_40_0009__i77546494">regionid</em>.example.region.com/<em id="obs_40_0009__i1717434918">bucketname</em>/<em id="obs_40_0009__i1877416498">objectname</em>?X-Amz-Algorithm=<em id="obs_40_0009__i1071048494">xxx</em>&amp;X-Amz-Credential=<em id="obs_40_0009__i11717411494">xxx</em>&amp;X-Amz-Date=<em id="obs_40_0009__i07047498">xxx</em>&amp;X-Amz-Expires=900&amp;X-Amz-Signature=<em id="obs_40_0009__i8713464915">xxx</em>&amp;X-Amz-SignedHeaders=<em id="obs_40_0009__i1671148498">xxx</em>&amp;response-content-disposition=<em id="obs_40_0009__i9714484913">xxx</em></pre>
+<p id="obs_40_0009__p78796553521">For details about the temporary authentication and parameters, see <a href="https://docs.otc.t-systems.com/en-us/api_obs/obs/en-us_topic_0125560420.html" target="_blank" rel="noopener noreferrer">V4 Temporarily Authorized Request</a> in the <em id="obs_40_0009__i188166914813">Object Storage Service API Reference</em>. A temporary URL also contains the <strong id="obs_40_0009__b128263913819">response-content-disposition</strong> parameter that defines whether an object is to be downloaded or previewed in a browser. The browser obtains the value of <strong id="obs_40_0009__b19838395819">response-content-disposition</strong> based on the <strong id="obs_40_0009__b38313918815">Content-Type</strong> of the shared object.</p>
 <p id="obs_40_0009__p52403316294">After you share an object by choosing <strong id="obs_40_0009__b10272191912013">More</strong> &gt; <strong id="obs_40_0009__b1727220197208">Copy Object URL</strong> on OBS Console, the system will generate a URL that contains the temporary authentication information, valid for 900 seconds since its generation by default. Each time you click <strong id="obs_40_0009__b17360142022216">Copy Object URL</strong>, OBS will obtain the authentication information again to generate a new sharing URL whose validity period is reset.</p>
 </div>
-<div class="section" id="obs_40_0009__section2995192554816"><h4 class="sectiontitle">Limitations and Constraints</h4><ul id="obs_40_0009__ul109951125124812"><li id="obs_40_0009__li799542515487">The validity period of files shared through OBS Console is fixed at 900s. If you want a file to be accessed permanently, you can configure <a href="https://docs.otc.t-systems.com/usermanual/obs/en-us_topic_0045853745.html" target="_blank" rel="noopener noreferrer">a bucket policy or an object policy</a>.</li><li id="obs_40_0009__li1862383053711">Only buckets 3.0 support file and folder sharing. You can view the bucket version in the <strong id="obs_40_0009__b769213043717">Basic Information</strong> area on the <strong id="obs_40_0009__b176922023714">Overview</strong> page of a bucket.</li><li id="obs_40_0009__li1068453183718">To share a cold object, restore it first.</li></ul>
+<div class="section" id="obs_40_0009__section2995192554816"><h4 class="sectiontitle">Limitations and Constraints</h4><ul id="obs_40_0009__ul109951125124812"><li id="obs_40_0009__li799542515487">The validity period of files shared through OBS Console is fixed at 900s. If you want to allow permanent access to a file, you can configure <a href="https://docs.otc.t-systems.com/usermanual/obs/en-us_topic_0045853745.html" target="_blank" rel="noopener noreferrer">a bucket policy or an object policy</a>.</li><li id="obs_40_0009__li1862383053711">Only buckets of version 3.0 support file and folder sharing. You can view the bucket version in the <strong id="obs_40_0009__b769213043717">Basic Information</strong> area on the <strong id="obs_40_0009__b176922023714">Overview</strong> page of a bucket.</li><li id="obs_40_0009__li1068453183718">To share a cold object, restore it first.</li></ul>
 </div>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0010.html b/docs/obs/perms-cfg/obs_40_0010.html
index d31200b9..0faca685 100644
--- a/docs/obs/perms-cfg/obs_40_0010.html
+++ b/docs/obs/perms-cfg/obs_40_0010.html
@@ -1,7 +1,7 @@
 <a name="obs_40_0010"></a><a name="obs_40_0010"></a>
 
 <h1 class="topictitle1">Accessing OBS Using an IAM Agency</h1>
-<div id="body1593432992233"><p id="obs_40_0010__p8060118">The IAM agency is a function of Identity and Access Management (IAM). In some OBS application scenarios (such as CDN private bucket retrieval and cross-region replication), IAM agencies are required to grant other users or cloud services the permission to access OBS and manage OBS resources for the delegating party, thus implementing secure and efficient agent maintenance.</p>
+<div id="body1593432992233"><p id="obs_40_0010__p8060118">The IAM agency is a function of Identity and Access Management (IAM). In scenarios such as CDN private bucket retrieval and cross-region replication, IAM agencies are required to grant other users or cloud services the permissions to access and to securely and efficiently manage OBS resources.</p>
 <p id="obs_40_0010__p7715152117311">For details about IAM agencies, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0026.html" target="_blank" rel="noopener noreferrer">Identity and Access Management User Guide</a>.</p>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0011.html b/docs/obs/perms-cfg/obs_40_0011.html
index 907378c6..07886dc3 100644
--- a/docs/obs/perms-cfg/obs_40_0011.html
+++ b/docs/obs/perms-cfg/obs_40_0011.html
@@ -1,34 +1,34 @@
 <a name="obs_40_0011"></a><a name="obs_40_0011"></a>
 
-<h1 class="topictitle1">Typical Permission Control Scenarios</h1>
-<div id="body1588765301378"><p id="obs_40_0011__p208051717135517">The following typical scenarios are provided to help you better configure OBS permission control.</p>
-<p id="obs_40_0011__p450012614259">Factors to consider before configuring permission control:</p>
-<ol id="obs_40_0011__ol838416464318"><li id="obs_40_0011__li1238424174319"><strong id="obs_40_0011__b20514845194711">Who are granted</strong>: Grantees can be a single IAM user, multiple IAM users or user groups, other accounts, and anonymous users.</li><li id="obs_40_0011__li1589648104320"><strong id="obs_40_0011__b1147712564478">What resources will be accessed</strong>: Such resources can be all OBS resources (requiring service-level permissions), specified buckets, and specified objects.</li><li id="obs_40_0011__li9359217184615"><strong id="obs_40_0011__b7610105485">What permissions are granted</strong>: In addition to configure basic permissions, such as read and read/write permissions, you can also customize permissions based on your needs.</li></ol>
-<p id="obs_40_0011__p15476185084820">OBS provides various permission control mechanisms for different scenarios. The following figure can help you quickly find the best method that matches your requirements.</p>
-<div class="fignone" id="obs_40_0011__fig948112311130"><span class="figcap"><b>Figure 1 </b>Typical permission scenarios</span><br><span><img id="obs_40_0011__image144815310137" src="en-us_image_0000001254687479.png"></span></div>
-<p id="obs_40_0011__p13461202015411">The following table lists the permission control cases in typical scenarios for your reference.</p>
+<h1 class="topictitle1">Typical Permissions Scenarios</h1>
+<div id="body1588765301378"><p id="obs_40_0011__p208051717135517">The permissions settings for typical scenarios are provided to facilitate permissions management.</p>
+<p id="obs_40_0011__p450012614259">You need to consider the following factors before configuring permissions:</p>
+<ol id="obs_40_0011__ol838416464318"><li id="obs_40_0011__li1238424174319"><strong id="obs_40_0011__b20514845194711">Who are granted access</strong>: A single IAM user, multiple IAM users or user groups, other accounts, or anonymous users</li><li id="obs_40_0011__li1589648104320"><strong id="obs_40_0011__b1147712564478">What resources will be accessed</strong>: All OBS resources (service-level permissions), specified buckets, or specified objects</li><li id="obs_40_0011__li9359217184615"><strong id="obs_40_0011__b7610105485">What permissions are granted</strong>: Basic permissions, such as read and read/write permissions, or customized permissions</li></ol>
+<p id="obs_40_0011__p15476185084820">OBS provides various permission control methods for different scenarios. The following figure can help you quickly find the best method for your needs.</p>
+<div class="fignone" id="obs_40_0011__fig948112311130"><span class="figcap"><b>Figure 1 </b>Typical permissions scenarios</span><br><span><img id="obs_40_0011__image144815310137" src="en-us_image_0000001254687479.png"></span></div>
+<p id="obs_40_0011__p13461202015411">The following table lists the typical scenarios for your reference.</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0011__table5166203464617" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuration cases in typical scenarios</caption><thead align="left"><tr id="obs_40_0011__row12166143413462"><th align="left" class="cellrowborder" valign="top" width="27.72%" id="mcps1.3.7.2.3.1.1"><p id="obs_40_0011__p71661934154618">Scenario</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0011__table5166203464617" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Typical permission configuration scenarios</caption><thead align="left"><tr id="obs_40_0011__row12166143413462"><th align="left" class="cellrowborder" valign="top" width="27.72%" id="mcps1.3.7.2.3.1.1"><p id="obs_40_0011__p71661934154618">Scenario</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="72.28%" id="mcps1.3.7.2.3.1.2"><p id="obs_40_0011__p16166103434612">Configuration Case</p>
+<th align="left" class="cellrowborder" valign="top" width="72.28%" id="mcps1.3.7.2.3.1.2"><p id="obs_40_0011__p16166103434612">Quick Links for Permission Configuration</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0011__row41661034204612"><td class="cellrowborder" rowspan="5" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1016620343468">Granting permissions to an IAM user under the current account</p>
+<tbody><tr id="obs_40_0011__row41661034204612"><td class="cellrowborder" rowspan="5" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1016620343468">Granting permissions to a single IAM user under the current account</p>
 </td>
-<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p0166143484615"><a href="obs_40_0014.html">Granting an IAM User the Permissions Required to List and Create Buckets</a></p>
+<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p0166143484615"><a href="obs_40_0014.html">Granting an IAM User the Permissions to Create and List Buckets</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row10166113411469"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p6166113413467"><a href="obs_40_0015.html">Granting an IAM User the Read and Write Permissions on a Bucket</a></p>
+<tr id="obs_40_0011__row10166113411469"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p6166113413467"><a href="obs_40_0015.html">Granting an IAM User the Read/Write Permission on a Bucket</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row616643416467"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p516603413468"><a href="obs_40_0016.html">Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket</a></p>
+<tr id="obs_40_0011__row616643416467"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p516603413468"><a href="obs_40_0016.html">Granting an IAM User the Specified Permissions for a Bucket</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row916617344466"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p5166103444612"><a href="obs_40_0017.html">Granting an IAM User the Read Permission on a Specific Object</a></p>
+<tr id="obs_40_0011__row916617344466"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p5166103444612"><a href="obs_40_0017.html">Granting an IAM User the Read Permissions on Specific Objects</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row161661234184618"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p181667345467"><a href="obs_40_0018.html">Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects</a></p>
+<tr id="obs_40_0011__row161661234184618"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p181667345467"><a href="obs_40_0018.html">Granting an IAM User the Specific Permissions on Specific Objects</a></p>
 </td>
 </tr>
 <tr id="obs_40_0011__row1116683419469"><td class="cellrowborder" rowspan="4" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p201661934174616">Granting permissions to multiple IAM users or user groups under the current account</p>
@@ -39,38 +39,38 @@
 <tr id="obs_40_0011__row2166163419466"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p816673494612"><a href="obs_40_0021.html">Granting IAM User Groups Basic Permissions on All OBS Resources</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row158760195713"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p16886010576"><a href="obs_40_0022.html">Granting IAM User Groups Specified Permissions on All OBS Resources</a></p>
+<tr id="obs_40_0011__row158760195713"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p16886010576"><a href="obs_40_0022.html">Granting IAM User Groups Specific Permissions for All OBS Resources</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row14565103216579"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p756563255710"><a href="obs_40_0023.html">Granting IAM User Groups Specified Permissions on Certain OBS Resources</a></p>
+<tr id="obs_40_0011__row14565103216579"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p756563255710"><a href="obs_40_0023.html">Granting IAM User Groups Specific Permissions on Specific OBS Resources</a></p>
 </td>
 </tr>
 <tr id="obs_40_0011__row19214163615570"><td class="cellrowborder" rowspan="5" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1521111362571">Granting permissions to other accounts</p>
 </td>
-<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p221111364578"><a href="obs_40_0025.html">Granting an Account the Read and Write Permissions on a Bucket</a></p>
+<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p221111364578"><a href="obs_40_0025.html">Granting Other Accounts the Read/Write Permission for a Bucket</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row15213736195717"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p102111236155710"><a href="obs_40_0026.html">Granting an Account the Specified Permissions on a Bucket</a></p>
+<tr id="obs_40_0011__row15213736195717"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p102111236155710"><a href="obs_40_0026.html">Granting Other Accounts the Specified Permissions for a Bucket</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row74361952195611"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p17500721185617"><a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a></p>
+<tr id="obs_40_0011__row74361952195611"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p17500721185617"><a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row12131836195711"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1821111366579"><a href="obs_40_0028.html">Granting an Account Read Permissions on Certain Objects</a></p>
+<tr id="obs_40_0011__row12131836195711"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1821111366579"><a href="obs_40_0028.html">Granting Other Accounts the Read Permission for Certain Objects</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row237901617583"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p637811163586"><a href="obs_40_0029.html">Granting an Account the Specified Permissions on Certain Objects</a></p>
+<tr id="obs_40_0011__row237901617583"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p637811163586"><a href="obs_40_0029.html">Granting Other Accounts Specific Permissions for Specific Objects</a></p>
 </td>
 </tr>
 <tr id="obs_40_0011__row9379111605813"><td class="cellrowborder" rowspan="4" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p43781316155819">Granting permissions to anonymous users</p>
 </td>
-<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p5378191611588"><a href="obs_40_0031.html">Granting Anonymous Users Public Read Permissions on a Bucket</a></p>
+<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p5378191611588"><a href="obs_40_0031.html">Granting Anonymous Users the Public Read Permission for a Bucket</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row17665101919589"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p15664171965816"><a href="obs_40_0032.html">Granting Anonymous Users Public Read Permissions on a Directory</a></p>
+<tr id="obs_40_0011__row17665101919589"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p15664171965816"><a href="obs_40_0032.html">Granting Anonymous Users the Read Permission for a Directory</a></p>
 </td>
 </tr>
-<tr id="obs_40_0011__row166501995815"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p7664101918588"><a href="obs_40_0033.html">Granting Anonymous Users Public Read Permissions on Certain Objects</a></p>
+<tr id="obs_40_0011__row166501995815"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p7664101918588"><a href="obs_40_0033.html">Granting Anonymous Users the Read Permission for Certain Objects</a></p>
 </td>
 </tr>
 <tr id="obs_40_0011__row148469160595"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p12844121685912"><a href="obs_40_0034.html">Temporarily Sharing Objects with Anonymous Users</a></p>
@@ -83,11 +83,16 @@
 </tr>
 <tr id="obs_40_0011__row19316192981419"><td class="cellrowborder" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p2084451620593">Restricting access to specified IP addresses</p>
 </td>
-<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p555917422118"><a href="obs_40_0036.html">Preventing Specific IP Addresses from Accessing a Bucket</a></p>
+<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p555917422118"><a href="obs_40_0036.html">Restricting Access to a Bucket for Specific IP Addresses</a></p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
+<div>
+<div class="familylinks">
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
+</div>
+</div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0012.html b/docs/obs/perms-cfg/obs_40_0012.html
index a934ac23..9d9af89d 100644
--- a/docs/obs/perms-cfg/obs_40_0012.html
+++ b/docs/obs/perms-cfg/obs_40_0012.html
@@ -1,9 +1,11 @@
 <a name="obs_40_0012"></a><a name="obs_40_0012"></a>
 
-<h1 class="topictitle1">Configuration Cases in Typical Permission Control Scenarios</h1>
+<h1 class="topictitle1">Permission Configuration in Typical Scenarios</h1>
 <div id="body1588765301378"></div>
 <div>
 <ul class="ullinks">
+<li class="ulchildlink"><strong><a href="obs_40_0011.html">Typical Permissions Scenarios</a></strong><br>
+</li>
 <li class="ulchildlink"><strong><a href="obs_40_0013.html">Granting Permissions to an IAM User Under the Account</a></strong><br>
 </li>
 <li class="ulchildlink"><strong><a href="obs_40_0019.html">Granting Permissions to Multiple IAM Users or User Groups Under the Account</a></strong><br>
@@ -14,7 +16,7 @@
 </li>
 <li class="ulchildlink"><strong><a href="obs_40_0037.html">Granting Temporary Access to OBS</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0036.html">Preventing Specific IP Addresses from Accessing a Bucket</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0036.html">Restricting Access to a Bucket for Specific IP Addresses</a></strong><br>
 </li>
 </ul>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0013.html b/docs/obs/perms-cfg/obs_40_0013.html
index 21d4db56..0de7b0b7 100644
--- a/docs/obs/perms-cfg/obs_40_0013.html
+++ b/docs/obs/perms-cfg/obs_40_0013.html
@@ -4,20 +4,20 @@
 <div id="body1588765301378"></div>
 <div>
 <ul class="ullinks">
-<li class="ulchildlink"><strong><a href="obs_40_0014.html">Granting an IAM User the Permissions Required to List and Create Buckets</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0014.html">Granting an IAM User the Permissions to Create and List Buckets</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0015.html">Granting an IAM User the Read and Write Permissions on a Bucket</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0015.html">Granting an IAM User the Read/Write Permission on a Bucket</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0016.html">Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0016.html">Granting an IAM User the Specified Permissions for a Bucket</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0017.html">Granting an IAM User the Read Permission on a Specific Object</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0017.html">Granting an IAM User the Read Permissions on Specific Objects</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0018.html">Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0018.html">Granting an IAM User the Specific Permissions on Specific Objects</a></strong><br>
 </li>
 </ul>
 
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Configuration Cases in Typical Permission Control Scenarios</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0014.html b/docs/obs/perms-cfg/obs_40_0014.html
index 646044aa..cf1010c6 100644
--- a/docs/obs/perms-cfg/obs_40_0014.html
+++ b/docs/obs/perms-cfg/obs_40_0014.html
@@ -1,11 +1,11 @@
 <a name="obs_40_0014"></a><a name="obs_40_0014"></a>
 
-<h1 class="topictitle1">Granting an IAM User the Permissions Required to List and Create Buckets</h1>
-<div id="body1588765301378"><div class="section" id="obs_40_0014__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0014__p3431154410448">This topic describes how to grant an IAM user the permissions required to create and list buckets. An IAM user with this permission can create buckets. The created buckets are still owned by the account of the IAM user. The IAM user can view all buckets under the account.</p>
+<h1 class="topictitle1">Granting an IAM User the Permissions to Create and List Buckets</h1>
+<div id="body1588765301378"><div class="section" id="obs_40_0014__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0014__p3431154410448">This topic describes how to grant an IAM user the permissions to create and list buckets. An IAM user with this permission can create and list buckets. The created buckets are owned by the account of the IAM user. The IAM user can also view all buckets under the account.</p>
 </div>
-<div class="section" id="obs_40_0014__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0014__p103657437515">Permissions to create and list buckets are at OBS service-level, which can be implemented only through IAM. You are advised to use IAM custom policies.</p>
+<div class="section" id="obs_40_0014__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0014__p103657437515">To create and list buckets, you need OBS-level permissions, which can be configured on IAM.</p>
 </div>
-<div class="section" id="obs_40_0014__section4844164485112"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0014__ol170633855216"><li id="obs_40_0014__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0014__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0014__b447811155440">Service List</strong> &gt; <strong id="obs_40_0014__b154781715144419">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0014__b1047841564414">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0014__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0014__b56342219314">Permissions</strong>.</span></li><li id="obs_40_0014__li1388483016366"><span>Click <strong id="obs_40_0014__b1210915505130">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0014__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0014__fig692184720164"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0014__image179221947161619" src="en-us_image_0000001385655888.png"></span></div>
+<div class="section" id="obs_40_0014__section4844164485112"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0014__ol170633855216"><li id="obs_40_0014__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0014__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0014__b447811155440">Service List</strong> &gt; <strong id="obs_40_0014__b154781715144419">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0014__b1047841564414">Identity and Access Management</strong>.</span></li><li id="obs_40_0014__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0014__b56342219314">Permissions</strong>.</span></li><li id="obs_40_0014__li1388483016366"><span>Click <strong id="obs_40_0014__b1210915505130">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0014__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0014__fig692184720164"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0014__image179221947161619" src="en-us_image_0000001385655888.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0014__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0014__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="30.3%" id="mcps1.3.3.2.5.2.2.2.3.1.1"><p id="obs_40_0014__p23757272286"><strong id="obs_40_0014__b204325640094018">Parameter</strong></p>
 </th>
@@ -15,12 +15,12 @@
 </thead>
 <tbody><tr id="obs_40_0014__row17375102752819"><td class="cellrowborder" valign="top" width="30.3%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0014__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="69.69999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0014__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="69.69999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0014__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0014__row1937592712288"><td class="cellrowborder" valign="top" width="30.3%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0014__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="69.69999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0014__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0014__b191136915176">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="69.69999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0014__p17375102714285">Select one based on your own habits. <strong id="obs_40_0014__b838353619815">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0014__row133751227142812"><td class="cellrowborder" valign="top" width="30.3%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0014__p203751027172816">Policy Content</p>
@@ -30,14 +30,14 @@
 </tr>
 <tr id="obs_40_0014__row5473173210497"><td class="cellrowborder" valign="top" width="30.3%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0014__p83756273285">Scope</p>
 </td>
-<td class="cellrowborder" valign="top" width="69.69999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0014__p1037542711283">The default value is <strong id="obs_40_0014__b10986123241">Global services</strong>.</p>
+<td class="cellrowborder" valign="top" width="69.69999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0014__p1037542711283">Use the default value <strong id="obs_40_0014__b10986123241">Global services</strong>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0014__li1293324623719"><span>Click <strong id="obs_40_0014__b152631939349">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0014__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0014__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0014__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0014__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0014__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0014__li1293324623719"><span>Click <strong id="obs_40_0014__b152631939349">OK</strong>.</span></li><li id="obs_40_0014__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0014__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0014__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0014__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0014__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0015.html b/docs/obs/perms-cfg/obs_40_0015.html
index 5812676f..09e53476 100644
--- a/docs/obs/perms-cfg/obs_40_0015.html
+++ b/docs/obs/perms-cfg/obs_40_0015.html
@@ -1,17 +1,16 @@
 <a name="obs_40_0015"></a><a name="obs_40_0015"></a>
 
-<h1 class="topictitle1">Granting an IAM User the Read and Write Permissions on a Bucket</h1>
-<div id="body1588765301378"><div class="section" id="obs_40_0015__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0015__p3431154410448">This topic describes how to grant an IAM user the read and write permissions on an OBS bucket.</p>
+<h1 class="topictitle1">Granting an IAM User the Read/Write Permission on a Bucket</h1>
+<div id="body1588765301378"><div class="section" id="obs_40_0015__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0015__p3431154410448">This topic describes how to grant an IAM user the read/write permission on an OBS bucket.</p>
 </div>
-<div class="section" id="obs_40_0015__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0015__p103657437515">You are advised to use bucket policies to grant resource-level permissions to an IAM user.</p>
+<div class="section" id="obs_40_0015__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0015__p103657437515">To grant resource-level permissions to an IAM user, use a bucket policy.</p>
 </div>
-<div class="section" id="obs_40_0015__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0015__p1436151622312">The preset read/write mode of OBS has the following permissions:</p>
-<ul id="obs_40_0015__ul12273198112311"><li id="obs_40_0015__li1327378202314">GetObject: downloading objects</li><li id="obs_40_0015__li227314817237">PutObject: uploading objects</li><li id="obs_40_0015__li127318812235">GetObjectVersion: downloading versioned objects</li><li id="obs_40_0015__li727310818238">DeleteObjectVersion: deleting objects versions</li><li id="obs_40_0015__li8273888232">DeleteObject: deleting objects</li></ul>
-<p id="obs_40_0015__p817120327254">After the configuration is complete, read and write operations (uploading, downloading, and deleting all objects in the bucket) can be performed using APIs or SDKs. However, if you log in to OBS Console or OBS Browser+ to perform those operations, an error is reported indicating that you do not have required permissions. .</p>
-<p id="obs_40_0015__p7807163365117">If you want an IAM user to perform read and write operations on OBS Console or OBS Browser+, configure custom IAM policies by referring to <a href="#obs_40_0015__section220405220511">Follow-up Procedure</a>.</p>
-<p id="obs_40_0015__p135531349172915">After the configuration is complete, the system still displays a message indicating that you do not have the permission to access the bucket. This is normal because the console invokes other advanced configuration APIs, but you can still perform operations allowed in read/write mode.</p>
+<div class="section" id="obs_40_0015__section786219432319"><h4 class="sectiontitle">Precautions</h4>
+<p id="obs_40_0015__p817120327254">After configuration, the IAM user can use APIs or SDKs to upload, download, and delete objects in the bucket. However, if they log in to OBS Console or OBS Browser+ to perform those operations, an error will be reported indicating that they do not have required permissions. .</p>
+<p id="obs_40_0015__p7807163365117">If you still want the IAM user to perform read and write operations on OBS Console or OBS Browser+, you need to configure custom IAM policies. For details, see <a href="#obs_40_0015__section220405220511">Follow-up Procedure</a>.</p>
+<p id="obs_40_0015__p135531349172915">After configuration, the system still displays a message indicating that the IAM user does not have required permissions, because OBS Console also calls other APIs for advanced configurations. However, the IAM user can still perform read/write operations.</p>
 </div>
-<div class="section" id="obs_40_0015__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0015__ol170633855216"><li id="obs_40_0015__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0015__b17942540145715">Object Storage</strong>.</span></li><li id="obs_40_0015__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0015__b1480210341667">Overview</strong> page.</span></li><li id="obs_40_0015__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0015__b2605105313511">Permissions</strong>.</span></li><li id="obs_40_0015__li1568715376490"><span>On the <strong id="obs_40_0015__b2317141425">Bucket Policies</strong> page, click <strong id="obs_40_0015__b5734202684217">Create Bucket Policy</strong> under <strong id="obs_40_0015__b29453318428">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0015__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0015__fig13644856182710"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0015__image16647195692714" src="en-us_image_0000001436220057.png"></span></div>
+<div class="section" id="obs_40_0015__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0015__ol170633855216"><li id="obs_40_0015__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0015__b17942540145715">Object Storage</strong>.</span></li><li id="obs_40_0015__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0015__b1480210341667">Overview</strong> page.</span></li><li id="obs_40_0015__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0015__b2605105313511">Permissions</strong>.</span></li><li id="obs_40_0015__li1568715376490"><span>On the <strong id="obs_40_0015__b2317141425">Bucket Policies</strong> page, click <strong id="obs_40_0015__b5734202684217">Create Bucket Policy</strong> under <strong id="obs_40_0015__b29453318428">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0015__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0015__fig13644856182710"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0015__image16647195692714" src="en-us_image_0000001436220057.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0015__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0015__row27504174239"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0015__p107559176234"><strong id="obs_40_0015__b26447525910101">Parameter</strong></p>
 </th>
@@ -37,12 +36,12 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0015__li4406132611218"><span>Click <strong id="obs_40_0015__b19267734154318">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0015__li4406132611218"><span>Click <strong id="obs_40_0015__b19267734154318">OK</strong>.</span></li></ol>
 </div>
 <div class="section" id="obs_40_0015__section220405220511"><a name="obs_40_0015__section220405220511"></a><a name="section220405220511"></a><h4 class="sectiontitle">Follow-up Procedure</h4><p id="obs_40_0015__p349115115368">To perform read and write operations on OBS Console or OBS Browser+, you must add the <strong id="obs_40_0015__b3328145222113">obs:bucket:ListAllMyBuckets</strong> (for listing buckets) and <strong id="obs_40_0015__b191501957142118">obs:bucket:ListBucket</strong> (for listing objects in a bucket) permissions to the custom IAM policy.</p>
-<div class="note" id="obs_40_0015__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0015__p256692825216"><strong id="obs_40_0015__b4310121264120">obs:bucket:ListAllMyBuckets</strong> applies to all resources, while <strong id="obs_40_0015__b1831551254115">obs:bucket:ListBucket</strong> applies to the authorized bucket only. Therefore, you need to add two permissions to the policy.</p>
+<div class="note" id="obs_40_0015__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0015__p256692825216"><strong id="obs_40_0015__b4310121264120">obs:bucket:ListAllMyBuckets</strong> applies to all resources, while <strong id="obs_40_0015__b1831551254115">obs:bucket:ListBucket</strong> applies only to the authorized bucket. Therefore, you need to add these two permissions to the policy.</p>
 </div></div>
-<ol id="obs_40_0015__ol8623195417319"><li id="obs_40_0015__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0015__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0015__b1624185733610">Service List</strong> &gt; <strong id="obs_40_0015__b112511573364">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0015__b17257573368">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0015__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0015__b757714919113">Permissions</strong>.</span></li><li id="obs_40_0015__li1388483016366"><span>Click <strong id="obs_40_0015__b118613715375">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0015__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0015__fig1814219521628"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0015__image101432052622" src="en-us_image_0000001385676688.png"></span></div>
+<ol id="obs_40_0015__ol8623195417319"><li id="obs_40_0015__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0015__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0015__b1624185733610">Service List</strong> &gt; <strong id="obs_40_0015__b112511573364">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0015__b17257573368">Identity and Access Management</strong>.</span></li><li id="obs_40_0015__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0015__b757714919113">Permissions</strong>.</span></li><li id="obs_40_0015__li1388483016366"><span>Click <strong id="obs_40_0015__b118613715375">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0015__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0015__fig1814219521628"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0015__image101432052622" src="en-us_image_0000001385676688.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0015__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0015__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="24.79%" id="mcps1.3.5.4.5.2.2.2.3.1.1"><p id="obs_40_0015__p23757272286"><strong id="obs_40_0015__b68930084110101">Parameter</strong></p>
 </th>
@@ -52,12 +51,12 @@
 </thead>
 <tbody><tr id="obs_40_0015__row17375102752819"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0015__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0015__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0015__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0015__row1937592712288"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0015__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0015__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0015__b15269128171710">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0015__p17375102714285">Select one based on your own habits. <strong id="obs_40_0015__b8703205911914">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0015__row133751227142812"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0015__p203751027172816">Policy Content</p>
@@ -65,19 +64,19 @@
 <td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0015__p1928318374535">[Permission 1]</p>
 <ul id="obs_40_0015__ul312618263319"><li id="obs_40_0015__li112652673110">Select <strong id="obs_40_0015__b1442421510101">Allow</strong>.</li><li id="obs_40_0015__li1952919359">Select <strong id="obs_40_0015__b1420920813562">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0015__li813512281313">Select <strong id="obs_40_0015__b727714444551">obs:bucket:ListAllMyBuckets</strong> from the actions.</li><li id="obs_40_0015__li1991741116547">Select <strong id="obs_40_0015__b823218256422">All</strong> for resources.</li></ul>
 <p id="obs_40_0015__p148511375414">[Permission 2]</p>
-<ul id="obs_40_0015__ul127691549205313"><li id="obs_40_0015__li167691496533">Select <strong id="obs_40_0015__b49081477010101">Allow</strong>.</li><li id="obs_40_0015__li1676910494536">Select <strong id="obs_40_0015__b2053811501566">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0015__li18769949195314">Select <strong id="obs_40_0015__b1869165519563">obs:bucket:ListBucket</strong> from the actions.</li><li id="obs_40_0015__li77691949175310">For <strong id="obs_40_0015__b1424511203473">Resources</strong>, select <strong id="obs_40_0015__b14645193125717">Specific</strong>, and for <strong id="obs_40_0015__b9449403471">bucket</strong>, select <strong id="obs_40_0015__b12150205824715">Specify resource path</strong>, and click <strong id="obs_40_0015__b3143112410489">Add Resource Path</strong>. Enter the bucket name in the <strong id="obs_40_0015__b4841111134916">Path</strong> text box, indicating that the policy takes effect only for this bucket.</li></ul>
+<ul id="obs_40_0015__ul127691549205313"><li id="obs_40_0015__li167691496533">Select <strong id="obs_40_0015__b49081477010101">Allow</strong>.</li><li id="obs_40_0015__li1676910494536">Select <strong id="obs_40_0015__b2053811501566">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0015__li18769949195314">Select <strong id="obs_40_0015__b1869165519563">obs:bucket:ListBucket</strong> from the actions.</li><li id="obs_40_0015__li77691949175310">Select <strong id="obs_40_0015__b14645193125717">Specific</strong> for <strong id="obs_40_0015__b1424511203473">Resources</strong> and select <strong id="obs_40_0015__b12150205824715">Specify resource path</strong> for <strong id="obs_40_0015__b9449403471">Bucket</strong>. Click <strong id="obs_40_0015__b3143112410489">Add Resource Path</strong>. Enter the bucket name in the <strong id="obs_40_0015__b4841111134916">Path</strong> text box for applying the policy only to this bucket.</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0015__row81414412509"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0015__p83756273285">Scope</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0015__p1037542711283">The default value is <strong id="obs_40_0015__b137650311419">Global services</strong>.</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0015__p1037542711283">Use the default value <strong id="obs_40_0015__b137650311419">Global services</strong>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0015__li1293324623719"><span>Click <strong id="obs_40_0015__b117724509310101">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0015__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0015__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0015__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0015__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0015__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0015__li1293324623719"><span>Click <strong id="obs_40_0015__b117724509310101">OK</strong>.</span></li><li id="obs_40_0015__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0015__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0015__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0015__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0015__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0016.html b/docs/obs/perms-cfg/obs_40_0016.html
index 426c1ec4..908270d6 100644
--- a/docs/obs/perms-cfg/obs_40_0016.html
+++ b/docs/obs/perms-cfg/obs_40_0016.html
@@ -1,16 +1,16 @@
 <a name="obs_40_0016"></a><a name="obs_40_0016"></a>
 
-<h1 class="topictitle1">Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket</h1>
-<div id="body1588765301378"><div class="section" id="obs_40_0016__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0016__p3431154410448">This topic describes how to grant an IAM user the permissions required to perform specific operations on an OBS bucket. Below describes how to grant the bucket deletion permission.</p>
-<p id="obs_40_0016__p131221236151420">If you need to configure other permissions, select the corresponding actions from the <strong id="obs_40_0016__b1887111181379">Action Name</strong> drop-down list in the bucket policy. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
+<h1 class="topictitle1">Granting an IAM User the Specified Permissions for a Bucket</h1>
+<div id="body1588765301378"><div class="section" id="obs_40_0016__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0016__p3431154410448">This topic describes how to grant an IAM user the permissions required to delete a bucket.</p>
+<p id="obs_40_0016__p131221236151420">To grant other permissions, select required actions from <strong id="obs_40_0016__b1968674651912">Action Name</strong> in the bucket policy. For details, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
 </div>
-<div class="section" id="obs_40_0016__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0016__p103657437515">You are advised to use bucket policies to grant resource-level permissions to an IAM user.</p>
+<div class="section" id="obs_40_0016__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0016__p103657437515">To grant resource-level permissions to an IAM user, use a bucket policy.</p>
 </div>
-<div class="section" id="obs_40_0016__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0016__p4883191595712">After the configuration is complete, you can delete buckets using APIs. However, if you log in to OBS Console or OBS Browser+ to delete buckets, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0016__p20343339195015">This is because when you log in to OBS Console or OBS Browser+, more APIs (such as <strong id="obs_40_0016__b146471514264">ListAllMyBuckets</strong> and <strong id="obs_40_0016__b13906172152620">ListBucketVersions</strong>) are called to load the list of buckets and versioned objects, but your permissions do not cover those APIs. In such case, your access is denied or your operation is not allowed.</p>
-<p id="obs_40_0016__p7807163365117">If you want an IAM user to delete buckets on OBS Console or OBS Browser+, allow the <strong id="obs_40_0016__b15892192319290">ListBucketVersions</strong> permission in the bucket policy and configure a custom IAM policy to grant the <strong id="obs_40_0016__b81561239102919">ListAllMyBuckets</strong> permission by referring to <a href="#obs_40_0016__section220405220511">Follow-up Procedure</a>.</p>
+<div class="section" id="obs_40_0016__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0016__p4883191595712">After configuration, the IAM user can use APIs to delete buckets. However, if they log in to OBS Console or OBS Browser+ to delete buckets, a message will be displayed indicating that they do not have required permissions.</p>
+<p id="obs_40_0016__p20343339195015">This is because when they log in to OBS Console or OBS Browser+, more APIs (such as <strong id="obs_40_0016__b146471514264">ListAllMyBuckets</strong> and <strong id="obs_40_0016__b13906172152620">ListBucketVersions</strong>) will be called to load the list of buckets and versioned objects. In such case, the message is displayed.</p>
+<p id="obs_40_0016__p7807163365117">If you want an IAM user to delete buckets on OBS Console or OBS Browser+, you need to allow the <strong id="obs_40_0016__b15892192319290">ListBucketVersions</strong> permission in the bucket policy and configure a custom IAM policy to grant the <strong id="obs_40_0016__b81561239102919">ListAllMyBuckets</strong> permission by referring to <a href="#obs_40_0016__section220405220511">Follow-up Procedure</a>.</p>
 </div>
-<div class="section" id="obs_40_0016__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0016__ol170633855216"><li id="obs_40_0016__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0016__b817114045810">Object Storage</strong>.</span></li><li id="obs_40_0016__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0016__b14821954974">Overview</strong> page.</span></li><li id="obs_40_0016__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0016__b1224919532317">Permissions</strong>.</span></li><li id="obs_40_0016__li49461065486"><span>On the <strong id="obs_40_0016__b1581710142711">Bucket Policies</strong> page, click <strong id="obs_40_0016__b1681790132717">Create Bucket Policy</strong> under <strong id="obs_40_0016__b18818190172710">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0016__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0016__fig136019591588"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0016__image10615592819" src="en-us_image_0000001385678272.png"></span></div>
+<div class="section" id="obs_40_0016__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0016__ol170633855216"><li id="obs_40_0016__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0016__b817114045810">Object Storage</strong>.</span></li><li id="obs_40_0016__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0016__b10271330143111">Overview</strong> page.</span></li><li id="obs_40_0016__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0016__b19373029959044">Permissions</strong>.</span></li><li id="obs_40_0016__li1568715376490"><span>On the <strong id="obs_40_0016__b1581710142711">Bucket Policies</strong> page, click <strong id="obs_40_0016__b1681790132717">Create Bucket Policy</strong> under <strong id="obs_40_0016__b18818190172710">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0016__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0016__fig136019591588"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0016__image10615592819" src="en-us_image_0000001385678272.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0016__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0016__row27504174239"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0016__p107559176234"><strong id="obs_40_0016__b94846767511353">Parameter</strong></p>
 </th>
@@ -40,18 +40,18 @@
 </tr>
 <tr id="obs_40_0016__row3951641158"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0016__p10952134114519">Actions</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0016__ul1663065817513"><li id="obs_40_0016__li1563025812519"><strong id="obs_40_0016__b160478738111353">Include</strong></li><li id="obs_40_0016__li9382124645310"><strong id="obs_40_0016__b2621916135014">Action Name</strong>:<ul id="obs_40_0016__ul0371748105310"><li id="obs_40_0016__li10224301466">DeleteBucket</li><li id="obs_40_0016__li1996111505537"><span style="color:#3D3F43;">ListBucketVersions</span> (required when the authorized user needs to access OBS on OBS Console or OBS Browser+)</li></ul>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0016__ul1663065817513"><li id="obs_40_0016__li1563025812519"><strong id="obs_40_0016__b160478738111353">Include</strong></li><li id="obs_40_0016__li9382124645310"><strong id="obs_40_0016__b2621916135014">Action Name</strong>:<ul id="obs_40_0016__ul0371748105310"><li id="obs_40_0016__li10224301466">DeleteBucket</li><li id="obs_40_0016__li1996111505537">ListBucketVersions (required when an authorized user needs to access OBS from OBS Console or OBS Browser+)</li></ul>
 </li></ul>
-<p id="obs_40_0016__p175400381720">To configure other permissions, select the corresponding actions. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
+<p id="obs_40_0016__p175400381720">To configure other permissions, select the corresponding actions. For details, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0016__li4406132611218"><span>Click <strong id="obs_40_0016__b2045315417430">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0016__li4406132611218"><span>Click <strong id="obs_40_0016__b2045315417430">OK</strong>.</span></li></ol>
 </div>
-<div class="section" id="obs_40_0016__section220405220511"><a name="obs_40_0016__section220405220511"></a><a name="section220405220511"></a><h4 class="sectiontitle">Follow-up Procedure</h4><p id="obs_40_0016__p349115115368">To successfully delete buckets on OBS Console or OBS Browser+, you need to allow the <strong id="obs_40_0016__b99410010315">obs:bucket:ListAllMyBuckets</strong> (for listing buckets) permission in the IAM policy.</p>
-<ol id="obs_40_0016__ol8623195417319"><li id="obs_40_0016__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0016__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0016__b587704120115">Service List</strong> &gt; <strong id="obs_40_0016__b6878144115116">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0016__b9878241815">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0016__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0016__b127792011191410">Permissions</strong>.</span></li><li id="obs_40_0016__li1388483016366"><span>Click <strong id="obs_40_0016__b111271552914">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0016__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0016__fig2216161311520"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0016__image921815136158" src="en-us_image_0000001385362028.png"></span></div>
+<div class="section" id="obs_40_0016__section220405220511"><a name="obs_40_0016__section220405220511"></a><a name="section220405220511"></a><h4 class="sectiontitle">Follow-up Procedure</h4><p id="obs_40_0016__p349115115368">To delete buckets on OBS Console or OBS Browser+, you need to allow the <strong id="obs_40_0016__b99410010315">obs:bucket:ListAllMyBuckets</strong> permission in the IAM policy.</p>
+<ol id="obs_40_0016__ol8623195417319"><li id="obs_40_0016__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0016__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0016__b587704120115">Service List</strong> &gt; <strong id="obs_40_0016__b6878144115116">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0016__b9878241815">Identity and Access Management</strong>.</span></li><li id="obs_40_0016__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0016__b127792011191410">Permissions</strong>.</span></li><li id="obs_40_0016__li1388483016366"><span>Click <strong id="obs_40_0016__b111271552914">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0016__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0016__fig2216161311520"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0016__image921815136158" src="en-us_image_0000001385362028.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0016__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0016__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="24.48%" id="mcps1.3.5.3.5.2.2.2.3.1.1"><p id="obs_40_0016__p23757272286"><strong id="obs_40_0016__b204053214211353">Parameter</strong></p>
 </th>
@@ -61,12 +61,12 @@
 </thead>
 <tbody><tr id="obs_40_0016__row17375102752819"><td class="cellrowborder" valign="top" width="24.48%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0016__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.52%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0016__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="75.52%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0016__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0016__row1937592712288"><td class="cellrowborder" valign="top" width="24.48%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0016__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.52%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0016__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0016__b201724469172">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="75.52%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0016__p17375102714285">Select one based on your own habits. <strong id="obs_40_0016__b987183435712">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0016__row133751227142812"><td class="cellrowborder" valign="top" width="24.48%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0016__p203751027172816">Policy Content</p>
@@ -76,14 +76,14 @@
 </tr>
 <tr id="obs_40_0016__row154361617514"><td class="cellrowborder" valign="top" width="24.48%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0016__p83756273285">Scope</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.52%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0016__p1037542711283">The default value is <strong id="obs_40_0016__b6254525056">Global services</strong>.</p>
+<td class="cellrowborder" valign="top" width="75.52%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0016__p1037542711283">Use the default value <strong id="obs_40_0016__b6254525056">Global services</strong>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0016__li1293324623719"><span>Click <strong id="obs_40_0016__b139894679711353">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0016__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0016__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0016__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0016__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0016__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0016__li1293324623719"><span>Click <strong id="obs_40_0016__b139894679711353">OK</strong>.</span></li><li id="obs_40_0016__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0016__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0016__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0016__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0016__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0017.html b/docs/obs/perms-cfg/obs_40_0017.html
index 98d99036..838c3fb6 100644
--- a/docs/obs/perms-cfg/obs_40_0017.html
+++ b/docs/obs/perms-cfg/obs_40_0017.html
@@ -1,17 +1,15 @@
 <a name="obs_40_0017"></a><a name="obs_40_0017"></a>
 
-<h1 class="topictitle1">Granting an IAM User the Read Permission on a Specific Object</h1>
-<div id="body1588765301378"><div class="section" id="obs_40_0017__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0017__p3431154410448">This topic describes how to grant an IAM user the read permission on an object or a set of objects in an OBS bucket.</p>
+<h1 class="topictitle1">Granting an IAM User the Read Permissions on Specific Objects</h1>
+<div id="body1588765301378"><div class="section" id="obs_40_0017__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0017__p3431154410448">This topic describes how to grant an IAM user the read permissions on an object or a set of objects in an OBS bucket.</p>
 </div>
-<div class="section" id="obs_40_0017__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0017__p103657437515">You are advised to use bucket policies to grant resource-level permissions to an IAM user.</p>
+<div class="section" id="obs_40_0017__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0017__p103657437515">To grant resource-level permissions to an IAM user, use a bucket policy.</p>
 </div>
-<div class="section" id="obs_40_0017__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0017__p1436151622312">The preset read-only mode of OBS has the following permissions:</p>
-<ul id="obs_40_0017__ul12273198112311"><li id="obs_40_0017__li1327378202314">GetObject: downloading objects</li><li id="obs_40_0017__li127318812235">GetObjectVersion: downloading versioned objects</li></ul>
-<p id="obs_40_0017__p817120327254">After the configuration is complete, you can read (download) specific objects using APIs. However, if you download an object from OBS Console or OBS Browser+, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0017__p268581111517">This is because when you log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0017__b1397294793312">ListAllMyBuckets</strong> and <strong id="obs_40_0017__b6471174914332">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but your permissions do not cover those APIs. In such case, your access is denied or your operation is not allowed.</p>
-<p id="obs_40_0017__p7807163365117">If you want an IAM user to perform read operations on OBS Console or OBS Browser+, configure custom IAM policies by referring to <a href="#obs_40_0017__section220405220511">Follow-up Procedure</a>.</p>
+<div class="section" id="obs_40_0017__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0017__p817120327254">After configuration, the IAM user can download specific objects using APIs. However, if they download an object from OBS Console or OBS Browser+, a message will be displayed, indicating that they do not have required permissions.</p>
+<p id="obs_40_0017__p268581111517">This is because when they log in to OBS Console or OBS Browser+, the <strong id="obs_40_0017__b1397294793312">ListAllMyBuckets</strong> API is called to load the bucket list and some other APIs will also be called on other pages. In such case, the message is displayed.</p>
+<p id="obs_40_0017__p7807163365117">If you want an IAM user to perform read operations on OBS Console or OBS Browser+, you need to configure custom IAM policies by referring to <a href="#obs_40_0017__section220405220511">Follow-up Procedure</a>.</p>
 </div>
-<div class="section" id="obs_40_0017__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0017__ol170633855216"><li id="obs_40_0017__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0017__b16597141685817">Object Storage</strong>.</span></li><li id="obs_40_0017__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0017__b14952104141110">Overview</strong> page.</span></li><li id="obs_40_0017__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0017__b1786610361251">Permissions</strong>.</span></li><li id="obs_40_0017__li1568715376490"><span>On the <strong id="obs_40_0017__b1547546924114540">Bucket Policies</strong> page, click <strong id="obs_40_0017__b541037169114540">Create Bucket Policy</strong> under <strong id="obs_40_0017__b806325171114540">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0017__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0017__fig105401899251"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0017__image1154299192512" src="en-us_image_0000001385525368.png"></span></div>
+<div class="section" id="obs_40_0017__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0017__ol170633855216"><li id="obs_40_0017__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0017__b16597141685817">Object Storage</strong>.</span></li><li id="obs_40_0017__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0017__b9870182015355">Overview</strong> page.</span></li><li id="obs_40_0017__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0017__b3163980319046">Permissions</strong>.</span></li><li id="obs_40_0017__li1568715376490"><span>On the <strong id="obs_40_0017__b1547546924114540">Bucket Policies</strong> page, click <strong id="obs_40_0017__b541037169114540">Create Bucket Policy</strong> under <strong id="obs_40_0017__b806325171114540">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0017__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0017__fig105401899251"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0017__image1154299192512" src="en-us_image_0000001385525368.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0017__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0017__row27504174239"><th align="left" class="cellrowborder" valign="top" width="23.82%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0017__p107559176234"><strong id="obs_40_0017__b400363316114540">Parameter</strong></p>
 </th>
@@ -39,12 +37,12 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0017__li4406132611218"><span>Click <strong id="obs_40_0017__b682380655114540">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0017__li4406132611218"><span>Click <strong id="obs_40_0017__b682380655114540">OK</strong>.</span></li></ol>
 </div>
 <div class="section" id="obs_40_0017__section220405220511"><a name="obs_40_0017__section220405220511"></a><a name="section220405220511"></a><h4 class="sectiontitle">Follow-up Procedure</h4><p id="obs_40_0017__p349115115368">To perform read operations on OBS Console or OBS Browser+, you must add the <strong id="obs_40_0017__b167361655103520">obs:bucket:ListAllMyBuckets</strong> (for listing buckets) and <strong id="obs_40_0017__b1351213017361">obs:bucket:ListBucket</strong> (for listing objects in a bucket) permissions to the custom IAM policy.</p>
-<div class="note" id="obs_40_0017__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0017__p256692825216"><strong id="obs_40_0017__b92211452202919">obs:bucket:ListAllMyBuckets</strong> applies to all resources, while <strong id="obs_40_0017__b1662485742911">obs:bucket:ListBucket</strong> applies to the authorized bucket only. Therefore, you need to add two permissions to the policy.</p>
+<div class="note" id="obs_40_0017__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0017__p256692825216"><strong id="obs_40_0017__b1645510352914">obs:bucket:ListAllMyBuckets</strong> applies to all resources, while <strong id="obs_40_0017__b745513319291">obs:bucket:ListBucket</strong> applies only to the authorized bucket. Therefore, you need to add these two permissions to the policy.</p>
 </div></div>
-<ol id="obs_40_0017__ol8623195417319"><li id="obs_40_0017__obs_40_0015_li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0017__obs_40_0015_li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0017__obs_40_0015_b1624185733610">Service List</strong> &gt; <strong id="obs_40_0017__obs_40_0015_b112511573364">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0017__obs_40_0015_b17257573368">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0017__obs_40_0015_li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0017__obs_40_0015_b757714919113">Permissions</strong>.</span></li><li id="obs_40_0017__obs_40_0015_li1388483016366"><span>Click <strong id="obs_40_0017__obs_40_0015_b118613715375">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0017__obs_40_0015_li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0017__obs_40_0015_fig1814219521628"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0017__obs_40_0015_image101432052622" src="en-us_image_0000001385676688.png"></span></div>
+<ol id="obs_40_0017__ol8623195417319"><li id="obs_40_0017__obs_40_0015_li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0017__obs_40_0015_li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0017__obs_40_0015_b1624185733610">Service List</strong> &gt; <strong id="obs_40_0017__obs_40_0015_b112511573364">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0017__obs_40_0015_b17257573368">Identity and Access Management</strong>.</span></li><li id="obs_40_0017__obs_40_0015_li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0017__obs_40_0015_b757714919113">Permissions</strong>.</span></li><li id="obs_40_0017__obs_40_0015_li1388483016366"><span>Click <strong id="obs_40_0017__obs_40_0015_b118613715375">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0017__obs_40_0015_li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0017__obs_40_0015_fig1814219521628"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0017__obs_40_0015_image101432052622" src="en-us_image_0000001385676688.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0017__obs_40_0015_table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0017__obs_40_0015_row6375927132818"><th align="left" class="cellrowborder" valign="top" width="24.79%" id="mcps1.3.5.4.5.2.2.2.3.1.1"><p id="obs_40_0017__obs_40_0015_p23757272286"><strong id="obs_40_0017__obs_40_0015_b68930084110101">Parameter</strong></p>
 </th>
@@ -54,12 +52,12 @@
 </thead>
 <tbody><tr id="obs_40_0017__obs_40_0015_row17375102752819"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0017__obs_40_0015_p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0017__obs_40_0015_p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0017__obs_40_0015_p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0017__obs_40_0015_row1937592712288"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0017__obs_40_0015_p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0017__obs_40_0015_p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0017__obs_40_0015_b15269128171710">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0017__obs_40_0015_p17375102714285">Select one based on your own habits. <strong id="obs_40_0017__obs_40_0015_b8703205911914">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0017__obs_40_0015_row133751227142812"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0017__obs_40_0015_p203751027172816">Policy Content</p>
@@ -67,19 +65,19 @@
 <td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0017__obs_40_0015_p1928318374535">[Permission 1]</p>
 <ul id="obs_40_0017__obs_40_0015_ul312618263319"><li id="obs_40_0017__obs_40_0015_li112652673110">Select <strong id="obs_40_0017__obs_40_0015_b1442421510101">Allow</strong>.</li><li id="obs_40_0017__obs_40_0015_li1952919359">Select <strong id="obs_40_0017__obs_40_0015_b1420920813562">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0017__obs_40_0015_li813512281313">Select <strong id="obs_40_0017__obs_40_0015_b727714444551">obs:bucket:ListAllMyBuckets</strong> from the actions.</li><li id="obs_40_0017__obs_40_0015_li1991741116547">Select <strong id="obs_40_0017__obs_40_0015_b823218256422">All</strong> for resources.</li></ul>
 <p id="obs_40_0017__obs_40_0015_p148511375414">[Permission 2]</p>
-<ul id="obs_40_0017__obs_40_0015_ul127691549205313"><li id="obs_40_0017__obs_40_0015_li167691496533">Select <strong id="obs_40_0017__obs_40_0015_b49081477010101">Allow</strong>.</li><li id="obs_40_0017__obs_40_0015_li1676910494536">Select <strong id="obs_40_0017__obs_40_0015_b2053811501566">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0017__obs_40_0015_li18769949195314">Select <strong id="obs_40_0017__obs_40_0015_b1869165519563">obs:bucket:ListBucket</strong> from the actions.</li><li id="obs_40_0017__obs_40_0015_li77691949175310">For <strong id="obs_40_0017__obs_40_0015_b1424511203473">Resources</strong>, select <strong id="obs_40_0017__obs_40_0015_b14645193125717">Specific</strong>, and for <strong id="obs_40_0017__obs_40_0015_b9449403471">bucket</strong>, select <strong id="obs_40_0017__obs_40_0015_b12150205824715">Specify resource path</strong>, and click <strong id="obs_40_0017__obs_40_0015_b3143112410489">Add Resource Path</strong>. Enter the bucket name in the <strong id="obs_40_0017__obs_40_0015_b4841111134916">Path</strong> text box, indicating that the policy takes effect only for this bucket.</li></ul>
+<ul id="obs_40_0017__obs_40_0015_ul127691549205313"><li id="obs_40_0017__obs_40_0015_li167691496533">Select <strong id="obs_40_0017__obs_40_0015_b49081477010101">Allow</strong>.</li><li id="obs_40_0017__obs_40_0015_li1676910494536">Select <strong id="obs_40_0017__obs_40_0015_b2053811501566">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0017__obs_40_0015_li18769949195314">Select <strong id="obs_40_0017__obs_40_0015_b1869165519563">obs:bucket:ListBucket</strong> from the actions.</li><li id="obs_40_0017__obs_40_0015_li77691949175310">Select <strong id="obs_40_0017__obs_40_0015_b14645193125717">Specific</strong> for <strong id="obs_40_0017__obs_40_0015_b1424511203473">Resources</strong> and select <strong id="obs_40_0017__obs_40_0015_b12150205824715">Specify resource path</strong> for <strong id="obs_40_0017__obs_40_0015_b9449403471">Bucket</strong>. Click <strong id="obs_40_0017__obs_40_0015_b3143112410489">Add Resource Path</strong>. Enter the bucket name in the <strong id="obs_40_0017__obs_40_0015_b4841111134916">Path</strong> text box for applying the policy only to this bucket.</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0017__obs_40_0015_row81414412509"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0017__obs_40_0015_p83756273285">Scope</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0017__obs_40_0015_p1037542711283">The default value is <strong id="obs_40_0017__obs_40_0015_b137650311419">Global services</strong>.</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0017__obs_40_0015_p1037542711283">Use the default value <strong id="obs_40_0017__obs_40_0015_b137650311419">Global services</strong>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0017__obs_40_0015_li1293324623719"><span>Click <strong id="obs_40_0017__obs_40_0015_b117724509310101">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0017__obs_40_0015_li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0017__obs_40_0015_p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0017__obs_40_0015_li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0017__obs_40_0015_note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0017__obs_40_0015_p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0017__obs_40_0015_li1293324623719"><span>Click <strong id="obs_40_0017__obs_40_0015_b117724509310101">OK</strong>.</span></li><li id="obs_40_0017__obs_40_0015_li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0017__obs_40_0015_p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0017__obs_40_0015_li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0017__obs_40_0015_note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0017__obs_40_0015_p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0018.html b/docs/obs/perms-cfg/obs_40_0018.html
index adcc98de..7d369a3f 100644
--- a/docs/obs/perms-cfg/obs_40_0018.html
+++ b/docs/obs/perms-cfg/obs_40_0018.html
@@ -1,16 +1,16 @@
 <a name="obs_40_0018"></a><a name="obs_40_0018"></a>
 
-<h1 class="topictitle1">Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0018__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0018__p3431154410448">This topic describes how to grant an IAM user certain permissions on specific objects in a bucket. Below explains how to grant the object download permission.</p>
-<p id="obs_40_0018__p131221236151420">If you need to configure other permissions, select the corresponding actions from the <strong id="obs_40_0018__b88223874923053">Action Name</strong> drop-down list in the bucket policy. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
+<h1 class="topictitle1">Granting an IAM User the Specific Permissions on Specific Objects</h1>
+<div id="body1588765301379"><div class="section" id="obs_40_0018__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0018__p3431154410448">This topic describes how to grant an IAM user the permissions to download specific objects from a bucket.</p>
+<p id="obs_40_0018__p131221236151420">To grant other permissions, select required actions from <strong id="obs_40_0018__b88223874923053">Action Name</strong> in the bucket policy. For details, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
 </div>
-<div class="section" id="obs_40_0018__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0018__p103657437515">You are advised to use bucket policies to grant resource-level permissions to an IAM user.</p>
+<div class="section" id="obs_40_0018__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0018__p103657437515">To grant resource-level permissions to an IAM user, use a bucket policy.</p>
 </div>
-<div class="section" id="obs_40_0018__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0018__p4883191595712">After the configuration is complete, you can download objects using APIs. However, if you log in to OBS Console or OBS Browser+ to download an object, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0018__p1486851214528">This is because when you log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0018__b030594717378">ListAllMyBuckets</strong> and <strong id="obs_40_0018__b18834164833712">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but your permissions do not cover those APIs. In such case, your access is denied or your operation is not allowed.</p>
-<p id="obs_40_0018__p7807163365117">If you want an IAM user to successfully download objects on OBS Console or OBS Browser+, configure custom IAM policies by referring to <a href="#obs_40_0018__section220405220511">Follow-up Procedure</a>.</p>
+<div class="section" id="obs_40_0018__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0018__p4883191595712">After configuration, the IAM user can download objects using APIs. However, if they download objects using OBS Console or OBS Browser+, a message will be displayed indicating that they do not have required permissions.</p>
+<p id="obs_40_0018__p1486851214528">When they log in to OBS Console or OBS Browser+, APIs such as <strong id="obs_40_0018__b10720152818346">ListAllMyBuckets</strong> and <strong id="obs_40_0018__b13112356349">ListBucket</strong> are called. <strong id="obs_40_0018__b566433211345">ListAllMyBuckets</strong> loads the bucket list while <strong id="obs_40_0018__b61251438143415">ListBucket</strong> loads the object list. Some other APIs are also called on other pages. In such case, the message is displayed.</p>
+<p id="obs_40_0018__p7807163365117">To allow an IAM user to download objects on OBS Console or OBS Browser+, you need to configure custom IAM policies. For details, see <a href="#obs_40_0018__section220405220511">Follow-up Procedure</a>.</p>
 </div>
-<div class="section" id="obs_40_0018__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0018__ol170633855216"><li id="obs_40_0018__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0018__b65061622185814">Object Storage</strong>.</span></li><li id="obs_40_0018__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0018__b121216132122">Overview</strong> page.</span></li><li id="obs_40_0018__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0018__b4622118405">Permissions</strong>.</span></li><li id="obs_40_0018__li18104837112113"><span>On the <strong id="obs_40_0018__b3489831124414">Bucket Policies</strong> page, click <strong id="obs_40_0018__b6489163111440">Create Bucket Policy</strong> under <strong id="obs_40_0018__b449017312444">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0018__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0018__fig1699641119349"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0018__image189961011113416" src="en-us_image_0000001435889185.png"></span></div>
+<div class="section" id="obs_40_0018__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0018__ol170633855216"><li id="obs_40_0018__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0018__b101872402">Object Storage</strong>.</span></li><li id="obs_40_0018__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0018__b62013257523828">Overview</strong> page.</span></li><li id="obs_40_0018__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0018__b1250324489048">Permissions</strong>.</span></li><li id="obs_40_0018__li1568715376490"><span>On the <strong id="obs_40_0018__b1442154819296">Bucket Policies</strong> page, click <strong id="obs_40_0018__b242134822910">Create Bucket Policy</strong> under <strong id="obs_40_0018__b14422481296">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0018__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0018__fig1699641119349"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0018__image189961011113416" src="en-us_image_0000001435889185.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0018__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0018__row27504174239"><th align="left" class="cellrowborder" valign="top" width="23.599999999999998%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0018__p107559176234"><strong id="obs_40_0018__b19719045623053">Parameter</strong></p>
 </th>
@@ -43,18 +43,18 @@
 <tr id="obs_40_0018__row3951641158"><td class="cellrowborder" valign="top" width="23.599999999999998%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0018__p10952134114519">Actions</p>
 </td>
 <td class="cellrowborder" valign="top" width="76.4%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0018__ul1663065817513"><li id="obs_40_0018__li1563025812519"><strong id="obs_40_0018__b109038457923053">Include</strong></li><li id="obs_40_0018__li10224301466">Action Name: Select <strong id="obs_40_0018__b6410174014714">GetObject</strong>.</li></ul>
-<p id="obs_40_0018__p175400381720">To configure other permissions, select the corresponding actions. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
+<p id="obs_40_0018__p175400381720">To configure other permissions, select the corresponding actions. For details, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0018__li4406132611218"><span>Click <strong id="obs_40_0018__b162853642620">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0018__li4406132611218"><span>Click <strong id="obs_40_0018__b162853642620">OK</strong>.</span></li></ol>
 </div>
-<div class="section" id="obs_40_0018__section220405220511"><a name="obs_40_0018__section220405220511"></a><a name="section220405220511"></a><h4 class="sectiontitle">Follow-up Procedure</h4><p id="obs_40_0018__p349115115368">To perform specific operations on OBS Console or OBS Browser+, you must add the <strong id="obs_40_0018__b1196215355385">obs:bucket:ListAllMyBuckets</strong> (for listing buckets) and <strong id="obs_40_0018__b626413910387">obs:bucket:ListBucket</strong> (for listing objects in a bucket) permissions to the custom IAM policy.</p>
-<div class="note" id="obs_40_0018__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0018__p256692825216"><strong id="obs_40_0018__b1246318141558">obs:bucket:ListAllMyBuckets</strong> applies to all resources, while <strong id="obs_40_0018__b246781425518">obs:bucket:ListBucket</strong> applies to the authorized bucket only. Therefore, you need to add two permissions to the policy.</p>
+<div class="section" id="obs_40_0018__section220405220511"><a name="obs_40_0018__section220405220511"></a><a name="section220405220511"></a><h4 class="sectiontitle">Follow-up Procedure</h4><p id="obs_40_0018__p349115115368">To perform specific operations on OBS Console or OBS Browser+, you must add the <strong id="obs_40_0018__b937337395">obs:bucket:ListAllMyBuckets</strong> and <strong id="obs_40_0018__b322823610390">obs:bucket:ListBucket</strong> permissions to the custom IAM policy. <strong id="obs_40_0018__b110734020395">obs:bucket:ListAllMyBuckets</strong> lists buckets while <strong id="obs_40_0018__b2857343163918">obs:bucket:ListBucket</strong> lists objects in a bucket.</p>
+<div class="note" id="obs_40_0018__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0018__p256692825216"><strong id="obs_40_0018__b147631426113720">obs:bucket:ListAllMyBuckets</strong> applies to all resources while <strong id="obs_40_0018__b147631226153718">obs:bucket:ListBucket</strong> applies only to the authorized bucket, so you need to add the two permissions to the policy.</p>
 </div></div>
-<ol id="obs_40_0018__ol8623195417319"><li id="obs_40_0018__obs_40_0015_li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0018__obs_40_0015_li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0018__obs_40_0015_b1624185733610">Service List</strong> &gt; <strong id="obs_40_0018__obs_40_0015_b112511573364">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0018__obs_40_0015_b17257573368">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0018__obs_40_0015_li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0018__obs_40_0015_b757714919113">Permissions</strong>.</span></li><li id="obs_40_0018__obs_40_0015_li1388483016366"><span>Click <strong id="obs_40_0018__obs_40_0015_b118613715375">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0018__obs_40_0015_li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0018__obs_40_0015_fig1814219521628"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0018__obs_40_0015_image101432052622" src="en-us_image_0000001385676688.png"></span></div>
+<ol id="obs_40_0018__ol8623195417319"><li id="obs_40_0018__obs_40_0015_li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0018__obs_40_0015_li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0018__obs_40_0015_b1624185733610">Service List</strong> &gt; <strong id="obs_40_0018__obs_40_0015_b112511573364">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0018__obs_40_0015_b17257573368">Identity and Access Management</strong>.</span></li><li id="obs_40_0018__obs_40_0015_li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0018__obs_40_0015_b757714919113">Permissions</strong>.</span></li><li id="obs_40_0018__obs_40_0015_li1388483016366"><span>Click <strong id="obs_40_0018__obs_40_0015_b118613715375">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0018__obs_40_0015_li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0018__obs_40_0015_fig1814219521628"><span class="figcap"><b>Figure 2 </b>Configuring a custom policy</span><br><span><img id="obs_40_0018__obs_40_0015_image101432052622" src="en-us_image_0000001385676688.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0018__obs_40_0015_table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0018__obs_40_0015_row6375927132818"><th align="left" class="cellrowborder" valign="top" width="24.79%" id="mcps1.3.5.4.5.2.2.2.3.1.1"><p id="obs_40_0018__obs_40_0015_p23757272286"><strong id="obs_40_0018__obs_40_0015_b68930084110101">Parameter</strong></p>
 </th>
@@ -64,12 +64,12 @@
 </thead>
 <tbody><tr id="obs_40_0018__obs_40_0015_row17375102752819"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0018__obs_40_0015_p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0018__obs_40_0015_p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0018__obs_40_0015_p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0018__obs_40_0015_row1937592712288"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0018__obs_40_0015_p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0018__obs_40_0015_p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0018__obs_40_0015_b15269128171710">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0018__obs_40_0015_p17375102714285">Select one based on your own habits. <strong id="obs_40_0018__obs_40_0015_b8703205911914">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0018__obs_40_0015_row133751227142812"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0018__obs_40_0015_p203751027172816">Policy Content</p>
@@ -77,19 +77,19 @@
 <td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0018__obs_40_0015_p1928318374535">[Permission 1]</p>
 <ul id="obs_40_0018__obs_40_0015_ul312618263319"><li id="obs_40_0018__obs_40_0015_li112652673110">Select <strong id="obs_40_0018__obs_40_0015_b1442421510101">Allow</strong>.</li><li id="obs_40_0018__obs_40_0015_li1952919359">Select <strong id="obs_40_0018__obs_40_0015_b1420920813562">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0018__obs_40_0015_li813512281313">Select <strong id="obs_40_0018__obs_40_0015_b727714444551">obs:bucket:ListAllMyBuckets</strong> from the actions.</li><li id="obs_40_0018__obs_40_0015_li1991741116547">Select <strong id="obs_40_0018__obs_40_0015_b823218256422">All</strong> for resources.</li></ul>
 <p id="obs_40_0018__obs_40_0015_p148511375414">[Permission 2]</p>
-<ul id="obs_40_0018__obs_40_0015_ul127691549205313"><li id="obs_40_0018__obs_40_0015_li167691496533">Select <strong id="obs_40_0018__obs_40_0015_b49081477010101">Allow</strong>.</li><li id="obs_40_0018__obs_40_0015_li1676910494536">Select <strong id="obs_40_0018__obs_40_0015_b2053811501566">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0018__obs_40_0015_li18769949195314">Select <strong id="obs_40_0018__obs_40_0015_b1869165519563">obs:bucket:ListBucket</strong> from the actions.</li><li id="obs_40_0018__obs_40_0015_li77691949175310">For <strong id="obs_40_0018__obs_40_0015_b1424511203473">Resources</strong>, select <strong id="obs_40_0018__obs_40_0015_b14645193125717">Specific</strong>, and for <strong id="obs_40_0018__obs_40_0015_b9449403471">bucket</strong>, select <strong id="obs_40_0018__obs_40_0015_b12150205824715">Specify resource path</strong>, and click <strong id="obs_40_0018__obs_40_0015_b3143112410489">Add Resource Path</strong>. Enter the bucket name in the <strong id="obs_40_0018__obs_40_0015_b4841111134916">Path</strong> text box, indicating that the policy takes effect only for this bucket.</li></ul>
+<ul id="obs_40_0018__obs_40_0015_ul127691549205313"><li id="obs_40_0018__obs_40_0015_li167691496533">Select <strong id="obs_40_0018__obs_40_0015_b49081477010101">Allow</strong>.</li><li id="obs_40_0018__obs_40_0015_li1676910494536">Select <strong id="obs_40_0018__obs_40_0015_b2053811501566">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0018__obs_40_0015_li18769949195314">Select <strong id="obs_40_0018__obs_40_0015_b1869165519563">obs:bucket:ListBucket</strong> from the actions.</li><li id="obs_40_0018__obs_40_0015_li77691949175310">Select <strong id="obs_40_0018__obs_40_0015_b14645193125717">Specific</strong> for <strong id="obs_40_0018__obs_40_0015_b1424511203473">Resources</strong> and select <strong id="obs_40_0018__obs_40_0015_b12150205824715">Specify resource path</strong> for <strong id="obs_40_0018__obs_40_0015_b9449403471">Bucket</strong>. Click <strong id="obs_40_0018__obs_40_0015_b3143112410489">Add Resource Path</strong>. Enter the bucket name in the <strong id="obs_40_0018__obs_40_0015_b4841111134916">Path</strong> text box for applying the policy only to this bucket.</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0018__obs_40_0015_row81414412509"><td class="cellrowborder" valign="top" width="24.79%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0018__obs_40_0015_p83756273285">Scope</p>
 </td>
-<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0018__obs_40_0015_p1037542711283">The default value is <strong id="obs_40_0018__obs_40_0015_b137650311419">Global services</strong>.</p>
+<td class="cellrowborder" valign="top" width="75.21%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0018__obs_40_0015_p1037542711283">Use the default value <strong id="obs_40_0018__obs_40_0015_b137650311419">Global services</strong>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0018__obs_40_0015_li1293324623719"><span>Click <strong id="obs_40_0018__obs_40_0015_b117724509310101">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0018__obs_40_0015_li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0018__obs_40_0015_p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0018__obs_40_0015_li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0018__obs_40_0015_note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0018__obs_40_0015_p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0018__obs_40_0015_li1293324623719"><span>Click <strong id="obs_40_0018__obs_40_0015_b117724509310101">OK</strong>.</span></li><li id="obs_40_0018__obs_40_0015_li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0018__obs_40_0015_p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0018__obs_40_0015_li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0018__obs_40_0015_note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0018__obs_40_0015_p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0019.html b/docs/obs/perms-cfg/obs_40_0019.html
index 92b9745a..38eb346b 100644
--- a/docs/obs/perms-cfg/obs_40_0019.html
+++ b/docs/obs/perms-cfg/obs_40_0019.html
@@ -8,16 +8,16 @@
 </li>
 <li class="ulchildlink"><strong><a href="obs_40_0021.html">Granting IAM User Groups Basic Permissions on All OBS Resources</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0022.html">Granting IAM User Groups Specified Permissions on All OBS Resources</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0022.html">Granting IAM User Groups Specific Permissions for All OBS Resources</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0023.html">Granting IAM User Groups Specified Permissions on Certain OBS Resources</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0023.html">Granting IAM User Groups Specific Permissions on Specific OBS Resources</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0044.html">Granting IAM User Groups Specified Permissions on Certain OBS Folders</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0044.html">Granting IAM User Groups Specific Permissions on a Folder</a></strong><br>
 </li>
 </ul>
 
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Configuration Cases in Typical Permission Control Scenarios</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0020.html b/docs/obs/perms-cfg/obs_40_0020.html
index 77391b54..6db826bd 100644
--- a/docs/obs/perms-cfg/obs_40_0020.html
+++ b/docs/obs/perms-cfg/obs_40_0020.html
@@ -1,11 +1,11 @@
 <a name="obs_40_0020"></a><a name="obs_40_0020"></a>
 
 <h1 class="topictitle1">Granting IAM User Groups All Permissions on All OBS Resources</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0020__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0020__p3431154410448">This topic describes how to grant multiple IAM users or user groups all permissions on all OBS resources. Users with this permission can perform any OBS operation.</p>
+<div id="body1588765301379"><div class="section" id="obs_40_0020__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0020__p3431154410448">This topic describes how to grant multiple IAM users or user groups all permissions on all OBS resources. Users with this permission can perform any operations on OBS.</p>
 </div>
-<div class="section" id="obs_40_0020__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0020__p103657437515">IAM custom policies</p>
+<div class="section" id="obs_40_0020__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0020__p103657437515">Use an IAM custom policy to configure the permissions.</p>
 </div>
-<div class="section" id="obs_40_0020__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0020__ol170633855216"><li id="obs_40_0020__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0020__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0020__b13023912502">Service List</strong> &gt; <strong id="obs_40_0020__b70123914501">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0020__b3003912507">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0020__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0020__b857015426257">Permissions</strong>.</span></li><li id="obs_40_0020__li1388483016366"><span>Click <strong id="obs_40_0020__b22623504509">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0020__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0020__fig313442114368"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0020__image10136182117366" src="en-us_image_0000001385530212.png"></span></div>
+<div class="section" id="obs_40_0020__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0020__ol170633855216"><li id="obs_40_0020__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0020__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0020__b13023912502">Service List</strong> &gt; <strong id="obs_40_0020__b70123914501">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0020__b3003912507">Identity and Access Management</strong>.</span></li><li id="obs_40_0020__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0020__b857015426257">Permissions</strong>.</span></li><li id="obs_40_0020__li1388483016366"><span>Click <strong id="obs_40_0020__b22623504509">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0020__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0020__fig313442114368"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0020__image10136182117366" src="en-us_image_0000001385530212.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0020__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0020__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="25.03%" id="mcps1.3.3.2.5.2.2.2.3.1.1"><p id="obs_40_0020__p23757272286"><strong id="obs_40_0020__b19681602982500">Parameter</strong></p>
 </th>
@@ -15,12 +15,12 @@
 </thead>
 <tbody><tr id="obs_40_0020__row17375102752819"><td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0020__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0020__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0020__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0020__row1937592712288"><td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0020__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0020__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0020__b1262518019178">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0020__p17375102714285">Select one based on your own habits. <strong id="obs_40_0020__b1273193318012">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0020__row133751227142812"><td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0020__p203751027172816">Policy Content</p>
@@ -36,8 +36,8 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0020__li1293324623719"><span>Click <strong id="obs_40_0020__b8744100402500">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0020__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0020__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0020__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0020__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0020__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0020__li1293324623719"><span>Click <strong id="obs_40_0020__b142262522328">OK</strong>.</span></li><li id="obs_40_0020__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0020__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0020__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0020__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0020__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0021.html b/docs/obs/perms-cfg/obs_40_0021.html
index 99eb4141..5b86e986 100644
--- a/docs/obs/perms-cfg/obs_40_0021.html
+++ b/docs/obs/perms-cfg/obs_40_0021.html
@@ -1,7 +1,7 @@
 <a name="obs_40_0021"></a><a name="obs_40_0021"></a>
 
 <h1 class="topictitle1">Granting IAM User Groups Basic Permissions on All OBS Resources</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0021__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0021__p3431154410448">This topic describes how to use the OBS-related system roles and policies preset in IAM to grant basic operation permissions on all OBS resources to multiple IAM users or user groups. The following table lists the permissions supported by preset system roles and policies.</p>
+<div id="body1588765301379"><div class="section" id="obs_40_0021__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0021__p3431154410448">This topic describes how to use OBS system roles and policies preset in IAM to grant basic operation permissions for all OBS resources to multiple IAM users or user groups. The following table lists the permissions supported by preset system roles and policies.</p>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0021__table143320246431" frame="border" border="1" rules="all"><caption><b>Table 1 </b>OBS system permissions</caption><thead align="left"><tr id="obs_40_0021__row13332624144312"><th align="left" class="cellrowborder" valign="top" width="21.89%" id="mcps1.3.1.3.2.4.1.1"><p id="obs_40_0021__p7332132484320">Role/Policy Name</p>
 </th>
@@ -41,7 +41,7 @@
 </tr>
 <tr id="obs_40_0021__row7333132416439"><td class="cellrowborder" valign="top" width="21.89%" headers="mcps1.3.1.3.2.4.1.1 "><p id="obs_40_0021__p23331324114313">OBS ReadOnlyAccess</p>
 </td>
-<td class="cellrowborder" valign="top" width="60.050000000000004%" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_40_0021__p193331246430">Users with this permission can list buckets, obtain basic bucket information, obtain bucket metadata, and list objects (not the objects that have been versioned).</p>
+<td class="cellrowborder" valign="top" width="60.050000000000004%" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_40_0021__p193331246430">Users with this permission can list buckets, obtain basic bucket information, obtain bucket metadata, and list objects (excluding the objects that have been versioned).</p>
 <div class="note" id="obs_40_0021__note864512387375"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0021__p136452384379">If a user with this permission fails to list objects on OBS Console, there may be multiple versions of objects in the bucket. In this case, you need to grant the user the <strong id="obs_40_0021__b11873241193513">obs:bucket:ListBucketVersions</strong> permission so that the user can view different versions of objects on OBS Console.</p>
 </div></div>
 </td>
@@ -50,7 +50,7 @@
 </tr>
 <tr id="obs_40_0021__row3333202464311"><td class="cellrowborder" valign="top" width="21.89%" headers="mcps1.3.1.3.2.4.1.1 "><p id="obs_40_0021__p1333112420434">OBS OperateAccess</p>
 </td>
-<td class="cellrowborder" valign="top" width="60.050000000000004%" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_40_0021__p145991616552">Users with this permission can perform all OBS ReadOnlyAccess operations and perform basic object operations, such as uploading objects, downloading objects, deleting objects, and obtaining object ACLs.</p>
+<td class="cellrowborder" valign="top" width="60.050000000000004%" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_40_0021__p145991616552">Users with this permission can perform all ReadOnlyAccess operations on OBS and perform basic operations on objects, such as uploading, downloading, deleting objects, and obtaining object ACLs.</p>
 <div class="note" id="obs_40_0021__note84579519419"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0021__p9457205144115">If a user with this permission fails to list objects on OBS Console, there may be multiple versions of objects in the bucket. In this case, you need to grant the user the <strong id="obs_40_0021__b79791245133515">obs:bucket:ListBucketVersions</strong> permission so that the user can view different versions of objects on OBS Console.</p>
 </div></div>
 </td>
@@ -63,12 +63,12 @@
 </div>
 <div class="section" id="obs_40_0021__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0021__p103657437515">IAM system roles and policies</p>
 </div>
-<div class="section" id="obs_40_0021__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0021__p817120327254">After a system role or policy is configured according to this case, if you log in to the system using OBS Console or OBS Browser+, a message may be displayed indicating that you do not have the permission. </p>
-<p id="obs_40_0021__p5919175842316">Authorized permissions are valid, though operations on the console or client are restricted. You can call the APIs directly.</p>
-<p id="obs_40_0021__p2091955810234">With <strong id="obs_40_0021__b6954823124117">OBS OperateAccess</strong> configured, you can upload or download objects on OBS Console or OBS Browser+.</p>
+<div class="section" id="obs_40_0021__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0021__p817120327254">After a system role or policy is configured according to this case, if you log in to the system using OBS Console or OBS Browser+, a message may be displayed indicating that you do not have the permission. </p>
+<p id="obs_40_0021__p5919175842316">Although the error message is displayed, the IAM users can still call the APIs to perform authorized operations.</p>
+<p id="obs_40_0021__p2091955810234">When <strong id="obs_40_0021__b6954823124117">OBS OperateAccess</strong> is allowed, they can upload or download objects on OBS Console or OBS Browser+.</p>
 </div>
-<div class="section" id="obs_40_0021__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0021__ol170633855216"><li id="obs_40_0021__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0021__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0021__b1424104235114">Service List</strong> &gt; <strong id="obs_40_0021__b152515429519">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0021__b225154225119">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0021__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0021__p1312812258417">Add system roles or policies that meet the service scenario requirements to the user group by following the instructions provided in the IAM document.</p>
-</p></li><li id="obs_40_0021__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0021__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0021__p37253183814">Due to data caching, it takes about 10 to 15 minutes for the configured permissions to take effect.</p>
+<div class="section" id="obs_40_0021__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0021__ol170633855216"><li id="obs_40_0021__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0021__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0021__b1424104235114">Service List</strong> &gt; <strong id="obs_40_0021__b152515429519">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0021__b225154225119">Identity and Access Management</strong>.</span></li><li id="obs_40_0021__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0021__p1312812258417">Apply system roles or policies that meet requirements to the user group by following the instructions provided in the IAM document.</p>
+</p></li><li id="obs_40_0021__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0021__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0021__p37253183814">Due to data caching, it takes about 10 to 15 minutes for the configured permissions to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0022.html b/docs/obs/perms-cfg/obs_40_0022.html
index 7837be65..2235fe11 100644
--- a/docs/obs/perms-cfg/obs_40_0022.html
+++ b/docs/obs/perms-cfg/obs_40_0022.html
@@ -1,15 +1,15 @@
 <a name="obs_40_0022"></a><a name="obs_40_0022"></a>
 
-<h1 class="topictitle1">Granting IAM User Groups Specified Permissions on All OBS Resources</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0022__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0022__p3431154410448">This topic describes how to grant multiple IAM users or user groups specific permissions on all OBS resources.</p>
+<h1 class="topictitle1">Granting IAM User Groups Specific Permissions for All OBS Resources</h1>
+<div id="body1588765301379"><div class="section" id="obs_40_0022__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0022__p3431154410448">This topic describes how to grant multiple IAM users or user groups specified permissions for all OBS resources.</p>
 </div>
-<div class="section" id="obs_40_0022__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0022__p103657437515">IAM custom policies</p>
+<div class="section" id="obs_40_0022__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0022__p103657437515">Use an IAM custom policy to configure the permissions.</p>
 </div>
-<div class="section" id="obs_40_0022__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0022__p817120327254">After the configuration is complete, you can perform allowed operations using APIs. However, if you log in to OBS Console or OBS Browser+ to perform those operations, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0022__p116361483599">This is because when you log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0022__b337011864314">ListAllMyBuckets</strong> and <strong id="obs_40_0022__b71716203434">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but your permissions do not cover those APIs. In such case, your access to OBS Console or OBS Browser+ is denied or your operation is not allowed.</p>
+<div class="section" id="obs_40_0022__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0022__p817120327254">After configuration, IAM user groups can perform allowed operations using APIs. If they log in to OBS Console or OBS Browser+ to perform those operations, a message will be displayed indicating that they do not have required permissions.</p>
+<p id="obs_40_0022__p116361483599">This is because when they log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0022__b333219515015">ListAllMyBuckets</strong> and <strong id="obs_40_0022__b1033310512019">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but their permissions do not cover those APIs. In such case, the message is diplayed.</p>
 <p id="obs_40_0022__p7807163365117">To allow IAM users to operate buckets and objects on OBS Console or OBS Browser+, add at least the <strong id="obs_40_0022__b44441417182119">obs:bucket:ListAllMyBuckets</strong> and <strong id="obs_40_0022__b3451161714213">obs:bucket:ListBucket</strong> permissions to the custom policy.</p>
 </div>
-<div class="section" id="obs_40_0022__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0022__ol170633855216"><li id="obs_40_0022__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0022__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0022__b19348101015418">Service List</strong> &gt; <strong id="obs_40_0022__b1034881065414">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0022__b143481108548">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0022__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0022__b6600151112716">Permissions</strong>.</span></li><li id="obs_40_0022__li1388483016366"><span>Click <strong id="obs_40_0022__b07324916548">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0022__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0022__fig59601157145012"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0022__image1096195735010" src="en-us_image_0000001436253413.png"></span></div>
+<div class="section" id="obs_40_0022__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0022__ol170633855216"><li id="obs_40_0022__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0022__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0022__b19348101015418">Service List</strong> &gt; <strong id="obs_40_0022__b1034881065414">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0022__b143481108548">Identity and Access Management</strong>.</span></li><li id="obs_40_0022__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0022__b6600151112716">Permissions</strong>.</span></li><li id="obs_40_0022__li1388483016366"><span>Click <strong id="obs_40_0022__b07324916548">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0022__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0022__fig59601157145012"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0022__image1096195735010" src="en-us_image_0000001436253413.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0022__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0022__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="25.25%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0022__p23757272286"><strong id="obs_40_0022__b9153439274332">Parameter</strong></p>
 </th>
@@ -19,17 +19,17 @@
 </thead>
 <tbody><tr id="obs_40_0022__row17375102752819"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0022__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0022__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0022__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0022__row1937592712288"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0022__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0022__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0022__b498165611613">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0022__p17375102714285">Select one based on your own habits. <strong id="obs_40_0022__b207111424507">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0022__row133751227142812"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0022__p203751027172816">Policy Content</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0022__ul312618263319"><li id="obs_40_0022__li112652673110">Select <strong id="obs_40_0022__b15462797584332">Allow</strong>.</li><li id="obs_40_0022__li1952919359">Select <strong id="obs_40_0022__b10755842674332">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0022__li813512281313">Select the actions to be authorized.</li><li id="obs_40_0022__li024173143415">Select <strong id="obs_40_0022__b7462133612293">All</strong> for resources.</li></ul>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0022__ul312618263319"><li id="obs_40_0022__li112652673110">Select <strong id="obs_40_0022__b15462797584332">Allow</strong>.</li><li id="obs_40_0022__li1952919359">Select <strong id="obs_40_0022__b10755842674332">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0022__li813512281313">Select the actions to be allowed.</li><li id="obs_40_0022__li024173143415">Select <strong id="obs_40_0022__b7462133612293">All</strong> for resources.</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0022__row15393131325217"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0022__p83756273285">Scope</p>
@@ -40,8 +40,8 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0022__li1293324623719"><span>Click <strong id="obs_40_0022__b5831489364332">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0022__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0022__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0022__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0022__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0022__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0022__li1293324623719"><span>Click <strong id="obs_40_0022__b103151843193213">OK</strong>.</span></li><li id="obs_40_0022__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0022__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0022__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0022__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0022__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0023.html b/docs/obs/perms-cfg/obs_40_0023.html
index ea7dcc69..b863a483 100644
--- a/docs/obs/perms-cfg/obs_40_0023.html
+++ b/docs/obs/perms-cfg/obs_40_0023.html
@@ -1,18 +1,18 @@
 <a name="obs_40_0023"></a><a name="obs_40_0023"></a>
 
-<h1 class="topictitle1">Granting IAM User Groups Specified Permissions on Certain OBS Resources</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0023__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0023__p3431154410448">This topic describes how to grant certain operation permissions on specific OBS resources (can be a bucket or an object) to multiple IAM users or user groups.</p>
+<h1 class="topictitle1">Granting IAM User Groups Specific Permissions on Specific OBS Resources</h1>
+<div id="body1588765301379"><div class="section" id="obs_40_0023__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0023__p3431154410448">This topic describes how to grant specific operation permissions on specific OBS resources (a bucket or an object) to multiple IAM users or user groups.</p>
 </div>
-<div class="section" id="obs_40_0023__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0023__p103657437515">IAM custom policies</p>
+<div class="section" id="obs_40_0023__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0023__p103657437515">Use an IAM custom policy to configure the permissions.</p>
 </div>
-<div class="section" id="obs_40_0023__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0023__p817120327254">After the configuration is complete, you can perform allowed operations using APIs. However, if you log in to OBS Console or OBS Browser+ to perform those operations, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0023__p2095722518592">This is because when you log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0023__b1130515291818">ListAllMyBuckets</strong> and <strong id="obs_40_0023__b137993304820">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but your permissions do not cover those APIs. In such case, your access to OBS Console or OBS Browser+ is denied or your operation is not allowed.</p>
+<div class="section" id="obs_40_0023__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0023__p817120327254">After configuration, IAM user groups can perform allowed operations using APIs. If they log in to OBS Console or OBS Browser+ to perform those operations, a message will be displayed indicating that they do not have required permissions.</p>
+<p id="obs_40_0023__p2095722518592">When they log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0023__b34331469166">ListAllMyBuckets</strong> and <strong id="obs_40_0023__b13433194621618">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but their permissions do not cover those APIs. In such case, the message is diplayed.</p>
 <p id="obs_40_0023__p7807163365117">To allow IAM users to operate buckets and objects on OBS Console or OBS Browser+, add at least the <strong id="obs_40_0023__b1611149202711">obs:bucket:ListAllMyBuckets</strong> and <strong id="obs_40_0023__b86122918270">obs:bucket:ListBucket</strong> permissions to the custom policy.</p>
 <div class="note" id="obs_40_0023__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0023__p1518015112445"><strong id="obs_40_0023__b12487175316569">obs:bucket:ListAllMyBuckets</strong> applies to all resources. You need to select all resources.</p>
 <p id="obs_40_0023__p256692825216"><strong id="obs_40_0023__b272951591913">obs:bucket:ListBucket</strong> applies only to the authorized bucket. You can select all resources or a specified bucket as needed.</p>
 </div></div>
 </div>
-<div class="section" id="obs_40_0023__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0023__ol170633855216"><li id="obs_40_0023__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0023__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0023__b4329163635612">Service List</strong> &gt; <strong id="obs_40_0023__b183291636155616">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0023__b123291436185618">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0023__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0023__b742013972818">Permissions</strong>.</span></li><li id="obs_40_0023__li1388483016366"><span>Click <strong id="obs_40_0023__b819614439565">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0023__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0023__fig108170917818"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0023__image18181994819" src="en-us_image_0000001385859230.png"></span></div>
+<div class="section" id="obs_40_0023__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0023__ol170633855216"><li id="obs_40_0023__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0023__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0023__b4329163635612">Service List</strong> &gt; <strong id="obs_40_0023__b183291636155616">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0023__b123291436185618">Identity and Access Management</strong>.</span></li><li id="obs_40_0023__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0023__b742013972818">Permissions</strong>.</span></li><li id="obs_40_0023__li1388483016366"><span>Click <strong id="obs_40_0023__b819614439565">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0023__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0023__fig108170917818"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0023__image18181994819" src="en-us_image_0000001385859230.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0023__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0023__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="25.25%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0023__p23757272286"><strong id="obs_40_0023__b138822153645142">Parameter</strong></p>
 </th>
@@ -22,12 +22,12 @@
 </thead>
 <tbody><tr id="obs_40_0023__row17375102752819"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0023__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0023__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0023__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0023__row1937592712288"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0023__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0023__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0023__b4289123041619">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0023__p17375102714285">Select one based on your own habits. <strong id="obs_40_0023__b77688415919">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0023__row133751227142812"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0023__p203751027172816">Policy Content</p>
@@ -35,19 +35,20 @@
 <td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0023__p1928318374535">[Permission 1] It is mandatory when an authorized user needs to perform operations on OBS Console or OBS Browser+.</p>
 <ul id="obs_40_0023__ul1488325514462"><li id="obs_40_0023__li10883125510469">Select <strong id="obs_40_0023__b88976299145142">Allow</strong>.</li><li id="obs_40_0023__li988318554466">Select <strong id="obs_40_0023__b151943995545142">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0023__li19883155554614">Select <strong id="obs_40_0023__b12727183314324">obs:bucket:ListAllMyBuckets</strong> from the actions.</li><li id="obs_40_0023__li1991741116547">Select <strong id="obs_40_0023__b153479408322">All</strong> for resources.</li></ul>
 <p id="obs_40_0023__p148511375414">[Permission 2]</p>
-<ul id="obs_40_0023__ul127691549205313"><li id="obs_40_0023__li167691496533">Select <strong id="obs_40_0023__b74938556745142">Allow</strong>.</li><li id="obs_40_0023__li1676910494536">Select <strong id="obs_40_0023__b145468528145142">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0023__li7820139488">Select the actions to be authorized.</li><li id="obs_40_0023__li77691949175310">Choose <strong id="obs_40_0023__b35010192029">Specific resources</strong> &gt; <strong id="obs_40_0023__b4258125924">Bucket</strong> to specify bucket resources.<p id="obs_40_0023__p4392013822"><span style="color:#3D3F43;">[Format]</span></p>
+<ul id="obs_40_0023__ul127691549205313"><li id="obs_40_0023__li167691496533">Select <strong id="obs_40_0023__b74938556745142">Allow</strong>.</li><li id="obs_40_0023__li1676910494536">Select <strong id="obs_40_0023__b145468528145142">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0023__li7820139488">Select the actions to be authorized.</li><li id="obs_40_0023__li77691949175310">Choose <strong id="obs_40_0023__b35010192029">Specific resources</strong> &gt; <strong id="obs_40_0023__b4258125924">Bucket</strong> to specify bucket resources.<p id="obs_40_0023__p4392013822">[Format]</p>
 <p id="obs_40_0023__p9933155311298"><strong id="obs_40_0023__b17700193119537">obs:*:*:bucket:</strong><em id="obs_40_0023__i102229783545142">bucket name</em></p>
 <p id="obs_40_0023__p14703335307">[Note]</p>
-<p id="obs_40_0023__p9142175873014">For bucket resources, IAM automatically generates the prefix of the resource path: <strong style="color:#3D3F43;" id="obs_40_0023__b123687613345142">obs:*:*:bucket:</strong>.</p>
-<p id="obs_40_0023__p17463217363">For the path of a specific bucket, add the <em id="obs_40_0023__i27889316645142">bucket name</em> to the end. You can also add a wildcard character (*) to indicate any bucket. Example:</p>
-<p id="obs_40_0023__p129731439193114"><strong style="color:#3D3F43;" id="obs_40_0023__b177524031545142">obs:*:*:bucket:</strong><strong style="color:#3D3F43;" id="obs_40_0023__b24859914545142">*</strong>, indicating any OBS bucket.</p>
+<p id="obs_40_0023__p9142175873014">For bucket resources, IAM automatically generates the prefix of the resource path: <strong id="obs_40_0023__b123687613345142">obs:*:*:bucket:</strong>.</p>
+<p id="obs_40_0023__p17463217363">For the path of a specific bucket, add the <em id="obs_40_0023__i27889316645142">bucket name</em> to the end. You can also add a wildcard character (*) to indicate any bucket. Examples are given as follows:</p>
+<ul id="obs_40_0023__ul5609041191715"><li id="obs_40_0023__li389817471171"><strong id="obs_40_0023__b10899184761711">obs:*:*:bucket:</strong><strong id="obs_40_0023__b1489924721718">*</strong> (indicating any OBS bucket)</li><li id="obs_40_0023__li2060984191712"><strong id="obs_40_0023__b13659863294">obs:*:*:bucket:examplebucket</strong> (indicating that the policy applies to bucket <strong id="obs_40_0023__b109899017816">examplebucket</strong>)</li></ul>
 <p id="obs_40_0023__p07854412554">To perform operations on OBS Console or OBS Browser+, grant the<strong id="obs_40_0023__b1392303593417"> obs:bucket:ListBucket</strong> permission to a specified bucket.</p>
-</li><li id="obs_40_0023__li68704665514">Choose <strong id="obs_40_0023__b1294597612">Specific resources</strong> &gt; <strong id="obs_40_0023__b63881013665">Object</strong> to specify an object resource.<p id="obs_40_0023__p325619913310"><span style="color:#3D3F43;">[Format]</span></p>
-<p id="obs_40_0023__p1925689183116"><span style="color:#3D3F43;">obs:*:*:object:</span><em style="color:#3D3F43;" id="obs_40_0023__i50449033345142">bucket name/object name</em></p>
+</li><li id="obs_40_0023__li68704665514">Choose <strong id="obs_40_0023__b1294597612">Specific resources</strong> &gt; <strong id="obs_40_0023__b63881013665">Object</strong> to specify an object resource.<p id="obs_40_0023__p325619913310">[Format]</p>
+<p id="obs_40_0023__p1925689183116">Objects in a specified directory: <strong id="obs_40_0023__b19991655085">obs:*:*:object:</strong><em id="obs_40_0023__i052751113910">Bucket name</em><strong id="obs_40_0023__b1170011142091">/</strong><em id="obs_40_0023__i19757131614910">Prefix</em><strong id="obs_40_0023__b2076831914912">/*</strong></p>
+<p id="obs_40_0023__p12557181110459">Specified object: <strong id="obs_40_0023__b934634918916">obs:*:*:object:</strong><em id="obs_40_0023__i1764535519910">Bucket name</em><strong id="obs_40_0023__b128853562918">/</strong><em id="obs_40_0023__i264518555918">Object name</em></p>
 <p id="obs_40_0023__p182561698314">[Note]</p>
 <p id="obs_40_0023__p770393763415">For object resources, IAM automatically generates the prefix of the resource path: <strong id="obs_40_0023__b132313378445142">obs:*:*:object:</strong></p>
-<p id="obs_40_0023__p181983113519">For the path of a specific object, add the <em id="obs_40_0023__i187486116645142">bucket name/object name</em> to the end. You can also add a wildcard character (*) to indicate any object in a bucket. Example:</p>
-<p id="obs_40_0023__p161341247133614"><strong id="obs_40_0023__b51485814945142">obs:*:*:object:my-bucket/my-object/*</strong>: any object in the <strong id="obs_40_0023__b211828846445142">my-object</strong> directory of the <strong id="obs_40_0023__b134773144545142">my-bucket</strong> bucket.</p>
+<p id="obs_40_0023__p181983113519">For the path of a specific object, add the <em id="obs_40_0023__i187486116645142">bucket name/object name</em> to the end. You can also add a wildcard character (*) to indicate any object in a bucket. Examples are given as follows:</p>
+<ul id="obs_40_0023__ul1749611911817"><li id="obs_40_0023__li164971619121811"><strong id="obs_40_0023__b528922915117">obs:*:*:object:my-bucket/my-object/*</strong> (indicating any object in the <strong id="obs_40_0023__b18289529141116">my-object</strong> directory of bucket <strong id="obs_40_0023__b1289152921112">my-bucket</strong>)</li><li id="obs_40_0023__li10610192691814"><strong id="obs_40_0023__b12668105469">obs:*:*:object:</strong><strong id="obs_40_0023__b1566910154617">my-bucket/exampleobject</strong> (indicating object <strong id="obs_40_0023__b20792171571216">exampleobject</strong> in bucket <strong id="obs_40_0023__b1716812282124">my-bucket</strong>)</li></ul>
 </li></ul>
 </td>
 </tr>
@@ -59,8 +60,8 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0023__li1293324623719"><span>Click <strong id="obs_40_0023__b87622676045142">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0023__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0023__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0023__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0023__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0023__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0023__li1293324623719"><span>Click <strong id="obs_40_0023__b8111135943212">OK</strong>.</span></li><li id="obs_40_0023__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0023__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0023__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0023__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0023__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0024.html b/docs/obs/perms-cfg/obs_40_0024.html
index 548f3bdc..80ec27c7 100644
--- a/docs/obs/perms-cfg/obs_40_0024.html
+++ b/docs/obs/perms-cfg/obs_40_0024.html
@@ -4,20 +4,20 @@
 <div id="body1588765301379"></div>
 <div>
 <ul class="ullinks">
-<li class="ulchildlink"><strong><a href="obs_40_0025.html">Granting an Account the Read and Write Permissions on a Bucket</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0025.html">Granting Other Accounts the Read/Write Permission for a Bucket</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0026.html">Granting an Account the Specified Permissions on a Bucket</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0026.html">Granting Other Accounts the Specified Permissions for a Bucket</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0028.html">Granting an Account Read Permissions on Certain Objects</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0028.html">Granting Other Accounts the Read Permission for Certain Objects</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0029.html">Granting an Account the Specified Permissions on Certain Objects</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0029.html">Granting Other Accounts Specific Permissions for Specific Objects</a></strong><br>
 </li>
 </ul>
 
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Configuration Cases in Typical Permission Control Scenarios</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0025.html b/docs/obs/perms-cfg/obs_40_0025.html
index 5be9e88f..bed2153a 100644
--- a/docs/obs/perms-cfg/obs_40_0025.html
+++ b/docs/obs/perms-cfg/obs_40_0025.html
@@ -1,17 +1,16 @@
 <a name="obs_40_0025"></a><a name="obs_40_0025"></a>
 
-<h1 class="topictitle1">Granting an Account the Read and Write Permissions on a Bucket</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0025__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0025__p3431154410448">This topic describes how to grant other accounts (excluding the IAM users under them) the read and write permissions on OBS buckets. For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a>.</p>
+<h1 class="topictitle1">Granting Other Accounts the Read/Write Permission for a Bucket</h1>
+<div id="body1588765301379"><div class="section" id="obs_40_0025__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0025__p3431154410448">This topic describes how to grant other accounts (excluding the IAM users under them) the read/write permission for OBS buckets. For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</a>.</p>
 </div>
-<div class="section" id="obs_40_0025__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0025__p103657437515">You are advised to use bucket policies to grant permissions to other accounts.</p>
+<div class="section" id="obs_40_0025__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0025__p103657437515">Use bucket policies to grant permissions to other accounts.</p>
 </div>
-<div class="section" id="obs_40_0025__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><div class="p" id="obs_40_0025__p1436151622312">The preset read/write mode of OBS has the following permissions:<ul id="obs_40_0025__ul12273198112311"><li id="obs_40_0025__li1327378202314">GetObject: downloading objects</li><li id="obs_40_0025__li227314817237">PutObject: uploading objects</li><li id="obs_40_0025__li127318812235">GetObjectVersion: downloading versioned objects</li><li id="obs_40_0025__li727310818238">DeleteObjectVersion: deleting objects versions</li><li id="obs_40_0025__li8273888232">DeleteObject: deleting objects</li></ul>
+<div class="section" id="obs_40_0025__section786219432319"><h4 class="sectiontitle">Precautions</h4>
+<p id="obs_40_0025__p16477101313289">After the configuration is complete, the authorized account can perform read and write operations (upload, download, or delete all objects in a bucket) by using APIs or by adding external buckets through OBS Browser+. Currently, access to buckets of other accounts is not allowed on OBS Console.</p>
+<p id="obs_40_0025__p119511212513">When you use OBS Browser+ to access the added external bucket, a message may still be displayed indicating that you do not have required permissions.</p>
+<p id="obs_40_0025__p8321172512317">Error cause: The loading on the OBS Browser+ bucket details page invokes some other OBS APIs. However, such operations are not allowed by the read and write permissions. Therefore, a message "Access denied. Check the response permission" or "This operation is not allowed on the requested resource" is displayed, however, existing permissions are not affected.</p>
 </div>
-<p id="obs_40_0025__p16477101313289">After the configuration is complete, the authorized account can perform read and write operations (upload, download, or delete all objects in a bucket) by using APIs or by adding external buckets through OBS Browser+. To do this by adding external buckets, the <strong id="obs_40_0025__b720124283">ListBucket</strong> permission is also required. Currently, access to buckets of other accounts is not allowed on OBS Console.</p>
-<p id="obs_40_0025__p119511212513">After the ListBucket permission is configured, a message may still be displayed indicating that you do not have the permission to access the added external bucket through OBS Browser+.</p>
-<p id="obs_40_0025__p8321172512317">Error cause: <span style="color:#3D3F43;">The loading on the OBS Browser+ bucket details page invokes some other OBS APIs. However, such operations are not allowed by the read and write permissions. Therefore, a message "Access denied. Check the response permission" or "This operation is not allowed on the requested resource" is displayed, however, existing permissions are not affected.</span></p>
-</div>
-<div class="section" id="obs_40_0025__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0025__ol170633855216"><li id="obs_40_0025__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0025__b189344278589">Object Storage</strong>.</span></li><li id="obs_40_0025__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0025__b97586262357">Overview</strong> page.</span></li><li id="obs_40_0025__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0025__b1970758941">Permissions</strong>.</span></li><li id="obs_40_0025__li1568715376490"><span>On the <strong id="obs_40_0025__b147605057051039">Bucket Policies</strong> page, click <strong id="obs_40_0025__b195674331451039">Create Bucket Policy</strong> under <strong id="obs_40_0025__b122537408951039">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0025__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0025__fig1852718391218"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0025__image25281839172119" src="en-us_image_0000001436140385.png"></span></div>
+<div class="section" id="obs_40_0025__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0025__ol170633855216"><li id="obs_40_0025__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0025__b189344278589">Object Storage</strong>.</span></li><li id="obs_40_0025__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0025__b99118241123829">Overview</strong> page.</span></li><li id="obs_40_0025__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0025__b10549556669050">Permissions</strong>.</span></li><li id="obs_40_0025__li1568715376490"><span>On the <strong id="obs_40_0025__b147605057051039">Bucket Policies</strong> page, click <strong id="obs_40_0025__b195674331451039">Create Bucket Policy</strong> under <strong id="obs_40_0025__b122537408951039">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0025__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0025__fig1852718391218"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0025__image25281839172119" src="en-us_image_0000001436140385.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0025__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0025__row27504174239"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0025__p107559176234"><strong id="obs_40_0025__b126898518751039">Parameter</strong></p>
 </th>
@@ -26,7 +25,7 @@
 </tr>
 <tr id="obs_40_0025__row8783617122317"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0025__p478519172231">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0025__ul1341145419174"><li id="obs_40_0025__li6417546174">Select <strong id="obs_40_0025__b599782418303">Include</strong> &gt; <strong id="obs_40_0025__b8969142863011">Other account</strong>.</li><li id="obs_40_0025__li4253125801711"><strong id="obs_40_0025__b971085145016">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0025__b2710195119509">My Credentials</strong> page of the account.</li><li id="obs_40_0025__li1530533711817"><strong id="obs_40_0025__b17887923204714">User ID</strong>: Enter the account ID, which can be obtained from the <strong id="obs_40_0025__b789213237479">My Credentials</strong> page of the account.<div class="note" id="obs_40_0025__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0025__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0025__ul1341145419174"><li id="obs_40_0025__li6417546174">Select <strong id="obs_40_0025__b599782418303">Include</strong> &gt; <strong id="obs_40_0025__b8969142863011">Other account</strong>.</li><li id="obs_40_0025__li4253125801711"><strong id="obs_40_0025__b971085145016">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0025__b2710195119509">My Credentials</strong> page of the account.</li><li id="obs_40_0025__li1530533711817"><strong id="obs_40_0025__b17887923204714">User ID</strong>: Enter the account ID. You can obtain it from the <strong id="obs_40_0025__b789213237479">My Credentials</strong> page of the account.<div class="note" id="obs_40_0025__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0025__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
 </div></div>
 </li></ul>
 </td>
@@ -39,7 +38,7 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0025__li4406132611218"><span>Click <strong id="obs_40_0025__b85420007751039">OK</strong>. The bucket policy is created.</span></li><li id="obs_40_0025__li2201036121111"><span>(Optional) Click <strong id="obs_40_0025__b1325710565310">Create Bucket Policy</strong> again.</span><p><p id="obs_40_0025__p1299963512116">If the authorized account wants to access the OBS bucket on OBS Browser+ by mounting an external bucket, you need to add a ListBucket permission.</p>
+</p></li><li id="obs_40_0025__li4406132611218"><span>Click <strong id="obs_40_0025__b85420007751039">OK</strong>.</span></li><li id="obs_40_0025__li2201036121111"><span>(Optional) Click <strong id="obs_40_0025__b1325710565310">Create Bucket Policy</strong> again.</span><p><p id="obs_40_0025__p1299963512116">If the authorized account wants to access the OBS bucket on OBS Browser+ by mounting an external bucket, you need to add a ListBucket permission.</p>
 </p></li><li id="obs_40_0025__li1470617571214"><span>(Optional) Configure the ListBucket permission.</span><p><div class="fignone" id="obs_40_0025__fig12326103116234"><span class="figcap"><b>Figure 2 </b>Configuring the ListBucket permission</span><br><span><img id="obs_40_0025__image1132733113237" src="en-us_image_0000001435981085.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0025__table3706135201215" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0025__row2070620591220"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.2.8.2.2.2.3.1.1"><p id="obs_40_0025__p1770714531211"><strong id="obs_40_0025__b124334919751039">Parameter</strong></p>
@@ -78,7 +77,7 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0025__li1940154881411"><span>(Optional) Click <strong id="obs_40_0025__b181981053184714">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0025__li1940154881411"><span>(Optional) Click <strong id="obs_40_0025__b181981053184714">OK</strong>.</span></li></ol>
 </div>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0026.html b/docs/obs/perms-cfg/obs_40_0026.html
index 4cc1e96f..43db6284 100644
--- a/docs/obs/perms-cfg/obs_40_0026.html
+++ b/docs/obs/perms-cfg/obs_40_0026.html
@@ -1,14 +1,14 @@
 <a name="obs_40_0026"></a><a name="obs_40_0026"></a>
 
-<h1 class="topictitle1">Granting an Account the Specified Permissions on a Bucket</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0026__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0026__p122729624518">This topic describes how to grant other accounts (excluding the IAM users under them) specific operation permissions on OBS buckets. For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a>.</p>
-<p id="obs_40_0026__p3431154410448">The following example explains how to grant the permissions to configure a bucket ACL and obtain the bucket ACL configuration information. If you need to configure other permissions, select the corresponding actions from the <strong id="obs_40_0026__b8042834446010">Action Name</strong> drop-down list in the bucket policy. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
+<h1 class="topictitle1">Granting Other Accounts the Specified Permissions for a Bucket</h1>
+<div id="body1588765301379"><div class="section" id="obs_40_0026__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0026__p122729624518">This topic describes how to grant other accounts (excluding the IAM users under them) specific permissions for OBS buckets. For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</a>.</p>
+<p id="obs_40_0026__p3431154410448">The following example explains how to grant the permissions to configure a bucket ACL and obtain the bucket ACL configuration information. To grant other permissions, select required actions from <strong id="obs_40_0026__b197522419171">Action Name</strong> in the bucket policy. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
 </div>
-<div class="section" id="obs_40_0026__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0026__p103657437515">You are advised to use bucket policies to grant permissions to other accounts.</p>
+<div class="section" id="obs_40_0026__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0026__p103657437515">Use bucket policies to grant permissions to other accounts.</p>
 </div>
-<div class="section" id="obs_40_0026__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0026__p119511212513">After the configuration is complete, the authorized account can configure and obtain a bucket ACL by using APIs or SDKs or by adding external buckets through OBS Browser+. To do this by adding external buckets, the <strong id="obs_40_0026__b74571950993">ListBucket</strong> permission is also required. Currently, access to buckets of other accounts is not allowed on OBS Console.</p>
+<div class="section" id="obs_40_0026__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0026__p119511212513">After configuration, the authorized account can configure and obtain a bucket ACL by using APIs or SDKs or by adding external buckets through OBS Browser+. To do this by adding external buckets, the <strong id="obs_40_0026__b74571950993">ListBucket</strong> permission is also required. Currently, access to buckets of other accounts is not allowed on OBS Console.</p>
 </div>
-<div class="section" id="obs_40_0026__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0026__ol170633855216"><li id="obs_40_0026__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0026__b55631234145812">Object Storage</strong>.</span></li><li id="obs_40_0026__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0026__b9925184715356">Overview</strong> page.</span></li><li id="obs_40_0026__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0026__b66631832104415">Permissions</strong>.</span></li><li id="obs_40_0026__li49461065486"><span>On the <strong id="obs_40_0026__b271214281818">Bucket Policies</strong> page, click <strong id="obs_40_0026__b9712728817">Create Bucket Policy</strong> under <strong id="obs_40_0026__b27121128911">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0026__li1470617571214"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0026__fig195023162719"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0026__image19950839279" src="en-us_image_0000001385862242.png"></span></div>
+<div class="section" id="obs_40_0026__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0026__ol170633855216"><li id="obs_40_0026__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0026__b55631234145812">Object Storage</strong>.</span></li><li id="obs_40_0026__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0026__b73459336923830">Overview</strong> page.</span></li><li id="obs_40_0026__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0026__b21029769509052">Permissions</strong>.</span></li><li id="obs_40_0026__li1568715376490"><span>On the <strong id="obs_40_0026__b271214281818">Bucket Policies</strong> page, click <strong id="obs_40_0026__b9712728817">Create Bucket Policy</strong> under <strong id="obs_40_0026__b27121128911">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0026__li1470617571214"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0026__fig195023162719"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0026__image19950839279" src="en-us_image_0000001385862242.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0026__table3706135201215" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0026__row2070620591220"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0026__p1770714531211"><strong id="obs_40_0026__b15223315836010">Parameter</strong></p>
 </th>
@@ -28,7 +28,7 @@
 </tr>
 <tr id="obs_40_0026__row27071453128"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0026__p9707195171215">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0026__ul1770715511217"><li id="obs_40_0026__li1070775131213">Select <strong id="obs_40_0026__b7291505406010">Include</strong> &gt; <strong id="obs_40_0026__b10479822166010">Other account</strong>.</li><li id="obs_40_0026__li117071512129"><strong id="obs_40_0026__b178541856510">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0026__b685455165119">My Credentials</strong> page of the account.</li><li id="obs_40_0026__li4707175171214"><strong id="obs_40_0026__b1089715764919">User ID</strong>: Enter the account ID, which can be obtained from the <strong id="obs_40_0026__b1457188676010">My Credentials</strong> page of the account.<div class="note" id="obs_40_0026__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0026__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0026__ul1770715511217"><li id="obs_40_0026__li1070775131213">Select <strong id="obs_40_0026__b7291505406010">Include</strong> &gt; <strong id="obs_40_0026__b10479822166010">Other account</strong>.</li><li id="obs_40_0026__li117071512129"><strong id="obs_40_0026__b178541856510">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0026__b685455165119">My Credentials</strong> page of the account.</li><li id="obs_40_0026__li4707175171214"><strong id="obs_40_0026__b16461122618210">User ID</strong>: Enter the account ID. You can obtain it from the <strong id="obs_40_0026__b174616266214">My Credentials</strong> page of the account.<div class="note" id="obs_40_0026__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0026__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
 </div></div>
 </li></ul>
 </td>
@@ -48,7 +48,7 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0026__li1940154881411"><span>Click <strong id="obs_40_0026__b6119912276010">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0026__li1940154881411"><span>Click <strong id="obs_40_0026__b6119912276010">OK</strong>.</span></li></ol>
 </div>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0027.html b/docs/obs/perms-cfg/obs_40_0027.html
index d7c721c1..fa0e970f 100644
--- a/docs/obs/perms-cfg/obs_40_0027.html
+++ b/docs/obs/perms-cfg/obs_40_0027.html
@@ -1,50 +1,50 @@
 <a name="obs_40_0027"></a><a name="obs_40_0027"></a>
 
-<h1 class="topictitle1">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</h1>
+<h1 class="topictitle1">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</h1>
 <div id="body1596715709512"><div class="section" id="obs_40_0027__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0027__p122729624518">This topic describes how to grant IAM users the permissions to access OBS buckets and resources in them.</p>
 <p id="obs_40_0027__p3431154410448">The following describes how to grant the permissions to upload and download objects in a bucket. If you need to configure other specified permissions, configure the corresponding permissions in the bucket policy and IAM permissions.</p>
 </div>
-<div class="section" id="obs_40_0027__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0027__p103657437515">To grant permissions to IAM users under other accounts, you need to <strong id="obs_40_0027__b1109195274320">configure both</strong> <strong id="obs_40_0027__b67521955204213">bucket policies</strong> and <strong id="obs_40_0027__b287510711433">IAM permissions</strong>.</p>
+<div class="section" id="obs_40_0027__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0027__p103657437515">To grant permissions to IAM users under an account, you need to configure both <strong id="obs_40_0027__b8256103404411">bucket policies</strong> and <strong id="obs_40_0027__b226414312454">IAM permissions</strong>.</p>
 <p id="obs_40_0027__p1049215541032">For example, to allow IAM user <strong id="obs_40_0027__b18841626524">A</strong> of account <strong id="obs_40_0027__b172885321426">A</strong> to access bucket <strong id="obs_40_0027__b12475401211">B</strong> of account <strong id="obs_40_0027__b11263842126">B</strong>, you need to:</p>
-<ol id="obs_40_0027__ol7853716103516"><li id="obs_40_0027__li685301693514">Configure a bucket policy that allows IAM user <strong id="obs_40_0027__b9474163319319">A</strong> to access bucket <strong id="obs_40_0027__b116647362033">B</strong>.</li><li id="obs_40_0027__li888244323516">Configure IAM permissions for account <strong id="obs_40_0027__b1251820302115">A</strong> to allow IAM user <strong id="obs_40_0027__b20903714116">A</strong> to access bucket <strong id="obs_40_0027__b191941041101115">B</strong>.</li></ol>
-<p id="obs_40_0027__p1345162763720">The permissions allowed by both bucket policies and IAM permissions take effect.</p>
+<ol id="obs_40_0027__ol7853716103516"><li id="obs_40_0027__li685301693514">Configure a bucket policy that allows IAM user <strong id="obs_40_0027__b9474163319319">A</strong> to access bucket <strong id="obs_40_0027__b116647362033">B</strong>.</li><li id="obs_40_0027__li888244323516">Configure IAM permissions for account <strong id="obs_40_0027__b1045612463593">A</strong> to allow IAM user <strong id="obs_40_0027__b1426095015917">A</strong> to access bucket <strong id="obs_40_0027__b5574125115913">B</strong>.</li></ol>
 </div>
-<div class="section" id="obs_40_0027__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0027__p1997310195116">After the configuration is complete, the authorized IAM user can upload and download objects through APIs. In addition, the user can upload and download objects by mounting external buckets on OBS Browser+. To add external buckets, the <strong id="obs_40_0027__b15782712313">ListBucket</strong> permission is also required. Currently, access to buckets of other accounts is not allowed on OBS Console.</p>
+<div class="section" id="obs_40_0027__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0027__p1997310195116">After configuration, the IAM user can upload and download objects through APIs. In addition, the user can upload and download objects by mounting external buckets on OBS Browser+. To add external buckets, the <strong id="obs_40_0027__b15782712313">ListBucket</strong> permission is also required. Currently, access to buckets of other accounts is not allowed on OBS Console.</p>
 </div>
-<div class="section" id="obs_40_0027__section18368164564"><h4 class="sectiontitle">Configuration Procedure 1: Configure a Bucket Policy That Allows Specified Operations</h4><p id="obs_40_0027__p1294242910372"><strong id="obs_40_0027__b395817404560">The bucket owner or a user who has the permission to configure bucket policies needs to configure a bucket policy that allows specified operations.</strong></p>
-<ol id="obs_40_0027__ol170633855216"><li id="obs_40_0027__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0027__b6458442125816">Object Storage</strong>.</span></li><li id="obs_40_0027__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0027__b192261214123619">Overview</strong> page.</span></li><li id="obs_40_0027__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0027__b7156145924412">Permissions</strong>.</span></li><li id="obs_40_0027__li49461065486"><span>On the <strong id="obs_40_0027__b176410562414">Bucket Policies</strong> page, click <strong id="obs_40_0027__b876912565412">Create Bucket Policy</strong> under <strong id="obs_40_0027__b1776917561947">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0027__li1470617571214"><span>Configure a bucket policy that allows upload and download.</span><p><div class="fignone" id="obs_40_0027__fig1839112575282"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy that allows uploads and downloads</span><br><span><img id="obs_40_0027__image15393165711286" src="en-us_image_0000001386341906.png"></span></div>
+<div class="section" id="obs_40_0027__section18368164564"><h4 class="sectiontitle">Procedure 1: The Bucket Owner Configures a Bucket Policy.</h4><p id="obs_40_0027__p35829813485"><strong id="obs_40_0027__b109301413115513">The bucket owner or a user who has the permission to configure bucket policies needs to configure a bucket policy that allows IAM users under an account to perform specified operations on the bucket.</strong></p>
+<p id="obs_40_0027__p1294242910372">In this example, account <strong id="obs_40_0027__b445545655919">B</strong> (owner of bucket <strong id="obs_40_0027__b20701165812596">B</strong>) configures a bucket policy that allows IAM user <strong id="obs_40_0027__b98031917409">A</strong> of account <strong id="obs_40_0027__b351912259019">A</strong> to upload objects to and download objects from bucket <strong id="obs_40_0027__b862220391905">B</strong> of account <strong id="obs_40_0027__b1463512421016">B</strong>.</p>
+<ol id="obs_40_0027__ol170633855216"><li id="obs_40_0027__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0027__b6458442125816">Object Storage</strong>.</span></li><li id="obs_40_0027__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0027__b110482805523831">Overview</strong> page.</span></li><li id="obs_40_0027__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0027__b10288738699054">Permissions</strong>.</span></li><li id="obs_40_0027__li1568715376490"><span>On the <strong id="obs_40_0027__b176410562414">Bucket Policies</strong> page, click <strong id="obs_40_0027__b876912565412">Create Bucket Policy</strong> under <strong id="obs_40_0027__b1776917561947">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0027__li1470617571214"><span>Configure a bucket policy that allows uploads and downloads.</span><p><div class="fignone" id="obs_40_0027__fig1839112575282"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy that allows uploads and downloads</span><br><span><img id="obs_40_0027__image15393165711286" src="en-us_image_0000001386341906.png"></span></div>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0027__table3706135201215" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0027__row2070620591220"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.3.5.2.2.2.3.1.1"><p id="obs_40_0027__p1770714531211"><strong id="obs_40_0027__b112183559383133">Parameter</strong></p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0027__table3706135201215" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0027__row2070620591220"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.4.5.2.2.2.3.1.1"><p id="obs_40_0027__p1770714531211"><strong id="obs_40_0027__b112183559383133">Parameter</strong></p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="73.11999999999999%" id="mcps1.3.4.3.5.2.2.2.3.1.2"><p id="obs_40_0027__p47078561217"><strong id="obs_40_0027__b31504489683133">Description</strong></p>
+<th align="left" class="cellrowborder" valign="top" width="73.11999999999999%" id="mcps1.3.4.4.5.2.2.2.3.1.2"><p id="obs_40_0027__p47078561217"><strong id="obs_40_0027__b31504489683133">Description</strong></p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0027__row3707105161213"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p1270710541217">Policy Mode</p>
+<tbody><tr id="obs_40_0027__row3707105161213"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p1270710541217">Policy Mode</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.5.2.2.2.3.1.2 "><p id="obs_40_0027__p1070720571218">Select <strong id="obs_40_0027__b83271254983133">Customized</strong>.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.5.2.2.2.3.1.2 "><p id="obs_40_0027__p1070720571218">Select <strong id="obs_40_0027__b83271254983133">Customized</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0027__row0282443111316"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p1528214351316">Effect</p>
+<tr id="obs_40_0027__row0282443111316"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p1528214351316">Effect</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.5.2.2.2.3.1.2 "><p id="obs_40_0027__p628264361310">Select <strong id="obs_40_0027__b172872503783133">Allow</strong>.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.5.2.2.2.3.1.2 "><p id="obs_40_0027__p628264361310">Select <strong id="obs_40_0027__b172872503783133">Allow</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0027__row27071453128"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p9707195171215">Principal</p>
+<tr id="obs_40_0027__row27071453128"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p9707195171215">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul1770715511217"><li id="obs_40_0027__li1070775131213">Select <strong id="obs_40_0027__b200908649883133">Include</strong> &gt; <strong id="obs_40_0027__b25408026583133">Other account</strong>.</li><li id="obs_40_0027__li117071512129"><strong id="obs_40_0027__b231512467525">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0027__b12317246205220">My Credentials</strong> page of the account or the IAM user.</li><li id="obs_40_0027__li4707175171214"><strong id="obs_40_0027__b18984048142">User ID</strong>: Enter the ID of the IAM user under the authorized account. You can obtain the ID on the <strong id="obs_40_0027__b5334174217513">My Credentials</strong> page of the IAM user. The wildcard character (*) is supported, indicating that the setting takes effect for all IAM users under the account.</li></ul>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul1770715511217"><li id="obs_40_0027__li1070775131213">Select <strong id="obs_40_0027__b200908649883133">Include</strong> &gt; <strong id="obs_40_0027__b25408026583133">Other account</strong>.</li><li id="obs_40_0027__li117071512129"><strong id="obs_40_0027__b0694232141212">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0027__b669413220123">My Credentials</strong> page of the account or the IAM user. The ID of account <strong id="obs_40_0027__b7446234161219">A</strong> is used as an example here.</li><li id="obs_40_0027__li4707175171214"><strong id="obs_40_0027__b162377141133">User ID</strong>: Enter the ID of the IAM user under the authorized account. You can obtain the ID on the <strong id="obs_40_0027__b523719143131">My Credentials</strong> page of the IAM user. The wildcard character (*) is supported, indicating that the setting takes effect for all IAM users under the account. The ID of IAM user <strong id="obs_40_0027__b112451458151217">A</strong> under account <strong id="obs_40_0027__b10245135851218">A</strong> is used as an example here.</li></ul>
 </td>
 </tr>
-<tr id="obs_40_0027__row187079581216"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p47071520126">Resources</p>
+<tr id="obs_40_0027__row187079581216"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p47071520126">Resources</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul15636626173616"><li id="obs_40_0027__li1963652623617">Choose <strong id="obs_40_0027__b122160060883133">Include</strong> &gt; <strong id="obs_40_0027__b30252475983133">Specific resources</strong>.</li><li id="obs_40_0027__li1338101719199"><strong id="obs_40_0027__b182981143141412">Resource Name</strong>: Enter the object or the set of objects that will be accessed.<ul id="obs_40_0027__ul1978916471414"><li id="obs_40_0027__li115011491614">For one object, enter <em id="obs_40_0027__i107552046171416">object name</em>.</li><li id="obs_40_0027__li465155117114">For a set of objects, enter <em id="obs_40_0027__i135731049171416">object name prefix + *, * + object name suffix, or *</em>.</li></ul>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul15636626173616"><li id="obs_40_0027__li1963652623617">Choose <strong id="obs_40_0027__b122160060883133">Include</strong> &gt; <strong id="obs_40_0027__b30252475983133">Specific resources</strong>.</li><li id="obs_40_0027__li1338101719199"><strong id="obs_40_0027__b182981143141412">Resource Name</strong>: Enter the object or the set of objects that will be accessed.<ul id="obs_40_0027__ul1978916471414"><li id="obs_40_0027__li115011491614">For one object, enter <em id="obs_40_0027__i107552046171416">object name</em>.</li><li id="obs_40_0027__li465155117114">For a set of objects, enter <em id="obs_40_0027__i135731049171416">object name prefix + *, * + object name suffix, or *</em>.</li></ul>
 <p id="obs_40_0027__p5778105217114">Set this parameter to <strong id="obs_40_0027__b1633219291219">*</strong> if all objects need to be downloaded.</p>
 </li></ul>
 </td>
 </tr>
-<tr id="obs_40_0027__row16898181610148"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p989841691413">Actions</p>
+<tr id="obs_40_0027__row16898181610148"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p989841691413">Actions</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul48235222144"><li id="obs_40_0027__li1182312214143"><strong id="obs_40_0027__b93542087483133">Include</strong></li><li id="obs_40_0027__li04383583015"><strong id="obs_40_0027__b12790451158">Action Name</strong>:<ul id="obs_40_0027__ul7641371302"><li id="obs_40_0027__li169323914306">GetObject</li><li id="obs_40_0027__li18964256174912">GetObjectVersion</li><li id="obs_40_0027__li228323312115">PutObject</li><li id="obs_40_0027__li66314165016">(Optional) ListBucket: Select this operation if you need to use OBS Browser+ to add external buckets.</li></ul>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul48235222144"><li id="obs_40_0027__li1182312214143"><strong id="obs_40_0027__b93542087483133">Include</strong></li><li id="obs_40_0027__li04383583015"><strong id="obs_40_0027__b12790451158">Action Name</strong>:<ul id="obs_40_0027__ul7641371302"><li id="obs_40_0027__li169323914306">GetObject</li><li id="obs_40_0027__li18964256174912">GetObjectVersion</li><li id="obs_40_0027__li228323312115">PutObject</li><li id="obs_40_0027__li66314165016">(Optional) ListBucket: Select this operation if you need to use OBS Browser+ to add external buckets.</li></ul>
 </li></ul>
 <p id="obs_40_0027__p13633153815312">To configure other specified operation permissions on objects, select the corresponding actions. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
 </td>
@@ -52,69 +52,70 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0027__li1940154881411"><span>Click <strong id="obs_40_0027__b555404819224">OK</strong>. The bucket policy that allows upload and download is created.</span></li><li id="obs_40_0027__li542116451228"><span>(Optional) Click <strong id="obs_40_0027__b210415918228">Create Bucket Policy</strong> again to configure a bucket policy that allows objects in the bucket to be listed. (Perform this step when you need to use OBS Browser+ to add external buckets.)</span><p><div class="fignone" id="obs_40_0027__fig15856513153015"><span class="figcap"><b>Figure 2 </b>Configuring a bucket policy that allows objects to be listed in a bucket</span><br><span><img id="obs_40_0027__image1857121333016" src="en-us_image_0000001436302073.png"></span></div>
+</p></li><li id="obs_40_0027__li1940154881411"><span>Click <strong id="obs_40_0027__b555404819224">OK</strong>.</span></li><li id="obs_40_0027__li542116451228"><span>(Optional) Click <strong id="obs_40_0027__b210415918228">Create Bucket Policy</strong> again to configure a bucket policy that allows objects in the bucket to be listed. (Perform this step when you need to use OBS Browser+ to add external buckets.)</span><p><div class="fignone" id="obs_40_0027__fig15856513153015"><span class="figcap"><b>Figure 2 </b>Configuring a bucket policy that allows objects to be listed in a bucket</span><br><span><img id="obs_40_0027__image1857121333016" src="en-us_image_0000001436302073.png"></span></div>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0027__table21598471047" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0027__row616012476418"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.3.7.2.2.2.3.1.1"><p id="obs_40_0027__p18160847143"><strong id="obs_40_0027__b33723186483133">Parameter</strong></p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0027__table21598471047" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0027__row616012476418"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.4.7.2.2.2.3.1.1"><p id="obs_40_0027__p18160847143"><strong id="obs_40_0027__b33723186483133">Parameter</strong></p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="73.11999999999999%" id="mcps1.3.4.3.7.2.2.2.3.1.2"><p id="obs_40_0027__p1116017477415"><strong id="obs_40_0027__b193799783283133">Description</strong></p>
+<th align="left" class="cellrowborder" valign="top" width="73.11999999999999%" id="mcps1.3.4.4.7.2.2.2.3.1.2"><p id="obs_40_0027__p1116017477415"><strong id="obs_40_0027__b193799783283133">Description</strong></p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0027__row16160184712419"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.7.2.2.2.3.1.1 "><p id="obs_40_0027__p6160547946">Policy Mode</p>
+<tbody><tr id="obs_40_0027__row16160184712419"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.7.2.2.2.3.1.1 "><p id="obs_40_0027__p6160547946">Policy Mode</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.7.2.2.2.3.1.2 "><p id="obs_40_0027__p181601247141">Select <strong id="obs_40_0027__b147830793583133">Customized</strong>.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.7.2.2.2.3.1.2 "><p id="obs_40_0027__p181601247141">Select <strong id="obs_40_0027__b147830793583133">Customized</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0027__row1160147646"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.7.2.2.2.3.1.1 "><p id="obs_40_0027__p131601747141">Effect</p>
+<tr id="obs_40_0027__row1160147646"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.7.2.2.2.3.1.1 "><p id="obs_40_0027__p131601747141">Effect</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.7.2.2.2.3.1.2 "><p id="obs_40_0027__p181601947341">Select <strong id="obs_40_0027__b161986717583133">Allow</strong>.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.7.2.2.2.3.1.2 "><p id="obs_40_0027__p181601947341">Select <strong id="obs_40_0027__b161986717583133">Allow</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0027__row16160164712410"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.7.2.2.2.3.1.1 "><p id="obs_40_0027__p191604477414">Principal</p>
+<tr id="obs_40_0027__row16160164712410"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.7.2.2.2.3.1.1 "><p id="obs_40_0027__p191604477414">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.7.2.2.2.3.1.2 "><ul id="obs_40_0027__ul181601471649"><li id="obs_40_0027__li1160114718412">Select <strong id="obs_40_0027__b192440240683133">Include</strong> &gt; <strong id="obs_40_0027__b152342617883133">Other account</strong>.</li><li id="obs_40_0027__li2160174716415"><strong id="obs_40_0027__b78011653141610">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0027__b1680211537162">My Credentials</strong> page of the account or the IAM user.</li><li id="obs_40_0027__li61600471347"><strong id="obs_40_0027__b313159181718">User ID</strong>: Enter the ID of the IAM user under the authorized account. You can obtain the ID on the <strong id="obs_40_0027__b10184981717">My Credentials</strong> page of the IAM user. The wildcard character (*) is supported, indicating that the setting takes effect for all IAM users under the account.</li></ul>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.7.2.2.2.3.1.2 "><ul id="obs_40_0027__ul181601471649"><li id="obs_40_0027__li1160114718412">Select <strong id="obs_40_0027__b192440240683133">Include</strong> &gt; <strong id="obs_40_0027__b152342617883133">Other account</strong>.</li><li id="obs_40_0027__li2160174716415"><strong id="obs_40_0027__b061915551419">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0027__b166198541416">My Credentials</strong> page of the account or the IAM user. The ID of account <strong id="obs_40_0027__b7272171014141">A</strong> is used as an example here.</li><li id="obs_40_0027__li61600471347"><strong id="obs_40_0027__b4285102016147">User ID</strong>: Enter the ID of the IAM user under the authorized account. You can obtain the ID on the <strong id="obs_40_0027__b2285102031415">My Credentials</strong> page of the IAM user. The wildcard character (*) is supported, indicating that the setting takes effect for all IAM users under the account. The ID of IAM user <strong id="obs_40_0027__b36593224147">A</strong> under account <strong id="obs_40_0027__b16659322121410">A</strong> is used as an example here.</li></ul>
 </td>
 </tr>
-<tr id="obs_40_0027__row10160204710411"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.7.2.2.2.3.1.1 "><p id="obs_40_0027__p1016044713420">Resources</p>
+<tr id="obs_40_0027__row10160204710411"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.7.2.2.2.3.1.1 "><p id="obs_40_0027__p1016044713420">Resources</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.7.2.2.2.3.1.2 "><p id="obs_40_0027__p469991819814">Select <strong id="obs_40_0027__b9861802783133">Include</strong> &gt; <strong id="obs_40_0027__b80210064283133">Entire bucket</strong>.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.7.2.2.2.3.1.2 "><p id="obs_40_0027__p469991819814">Select <strong id="obs_40_0027__b9861802783133">Include</strong> &gt; <strong id="obs_40_0027__b80210064283133">Entire bucket</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0027__row111601647047"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.3.7.2.2.2.3.1.1 "><p id="obs_40_0027__p51602471046">Actions</p>
+<tr id="obs_40_0027__row111601647047"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.4.7.2.2.2.3.1.1 "><p id="obs_40_0027__p51602471046">Actions</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.3.7.2.2.2.3.1.2 "><ul id="obs_40_0027__ul1416015471445"><li id="obs_40_0027__li71606471349"><strong id="obs_40_0027__b147829789083133">Include</strong></li><li id="obs_40_0027__li1716013477410"><strong id="obs_40_0027__b9985102018170">Action Name</strong>: ListBucket</li></ul>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.4.7.2.2.2.3.1.2 "><ul id="obs_40_0027__ul1416015471445"><li id="obs_40_0027__li71606471349"><strong id="obs_40_0027__b147829789083133">Include</strong></li><li id="obs_40_0027__li1716013477410"><strong id="obs_40_0027__b9985102018170">Action Name</strong>: ListBucket</li></ul>
 <p id="obs_40_0027__p416010472415">To configure other specified permissions on buckets, select the corresponding actions. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0027__li8587936895"><span>Click <strong id="obs_40_0027__b10834667302">OK</strong>. The bucket policy for listing objects in the bucket is created. </span></li></ol>
+</p></li><li id="obs_40_0027__li8587936895"><span>Click <strong id="obs_40_0027__b10834667302">OK</strong>.</span></li></ol>
 </div>
-<div class="section" id="obs_40_0027__section162831454172820"><h4 class="sectiontitle">Configuration Procedure 2: Configure an IAM Permission That Allows Specified Operations</h4><p id="obs_40_0027__p66814918151"><strong id="obs_40_0027__b21231838183418">The account to which the authorized IAM user belongs needs to configure the IAM permission for the IAM user to perform specified operations on the specified bucket. The allowed operations must be the same as those specified in the bucket policy.</strong></p>
-<ol id="obs_40_0027__ol1236856151519"><li id="obs_40_0027__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0027__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0027__b1691062512585">Service List</strong> &gt; <strong id="obs_40_0027__b69105251589">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0027__b16910122516588">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0027__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0027__b1512132945610">Permissions</strong>.</span></li><li id="obs_40_0027__li1388483016366"><span>Click <strong id="obs_40_0027__b418324575815">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0027__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0027__fig2687192003913"><span class="figcap"><b>Figure 3 </b>Configuring a custom policy</span><br><span><img id="obs_40_0027__image66888207395" src="en-us_image_0000001436303585.png"></span></div>
+<div class="section" id="obs_40_0027__section162831454172820"><h4 class="sectiontitle">Procedure 2: The Account Grants Permissions to IAM Users Under It.</h4><p id="obs_40_0027__p66814918151"><strong id="obs_40_0027__b1569216472268">The account (not the bucket owner) needs to grant permissions to its IAM users to perform specified operations on the bucket. (The allowed operations must be the same as those allowed in the bucket policy.)</strong></p>
+<p id="obs_40_0027__p1014617590515">In this example, account <strong id="obs_40_0027__b1264811420293">A</strong> needs to grant IAM user <strong id="obs_40_0027__b38544718308">A</strong> the permissions to upload objects to and download objects from bucket <strong id="obs_40_0027__b1916194433418">B</strong> of account <strong id="obs_40_0027__b16562184513345">B</strong>.</p>
+<ol id="obs_40_0027__ol1236856151519"><li id="obs_40_0027__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0027__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0027__b1691062512585">Service List</strong> &gt; <strong id="obs_40_0027__b69105251589">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0027__b16910122516588">Identity and Access Management</strong>.</span></li><li id="obs_40_0027__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0027__b1512132945610">Permissions</strong>.</span></li><li id="obs_40_0027__li1388483016366"><span>Click <strong id="obs_40_0027__b418324575815">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0027__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0027__fig2687192003913"><span class="figcap"><b>Figure 3 </b>Configuring a custom policy</span><br><span><img id="obs_40_0027__image66888207395" src="en-us_image_0000001436303585.png"></span></div>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0027__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0027__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="25.25%" id="mcps1.3.5.3.5.2.2.2.3.1.1"><p id="obs_40_0027__p23757272286"><strong id="obs_40_0027__b28417750883133">Parameter</strong></p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0027__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0027__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="25.25%" id="mcps1.3.5.4.5.2.2.2.3.1.1"><p id="obs_40_0027__p23757272286"><strong id="obs_40_0027__b28417750883133">Parameter</strong></p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="74.75%" id="mcps1.3.5.3.5.2.2.2.3.1.2"><p id="obs_40_0027__p63751027152820"><strong id="obs_40_0027__b26899984083133">Description</strong></p>
+<th align="left" class="cellrowborder" valign="top" width="74.75%" id="mcps1.3.5.4.5.2.2.2.3.1.2"><p id="obs_40_0027__p63751027152820"><strong id="obs_40_0027__b26899984083133">Description</strong></p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0027__row17375102752819"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p1737572772816">Policy Name</p>
+<tbody><tr id="obs_40_0027__row17375102752819"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0027__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0027__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
-<tr id="obs_40_0027__row1937592712288"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p173753272284">Policy View</p>
+<tr id="obs_40_0027__row1937592712288"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0027__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0027__b5945184661613">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0027__p17375102714285">Select one based on your own habits. <strong id="obs_40_0027__b49561628698">Visual editor</strong> is used here.</p>
 </td>
 </tr>
-<tr id="obs_40_0027__row133751227142812"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p203751027172816">Policy Content</p>
+<tr id="obs_40_0027__row133751227142812"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p203751027172816">Policy Content</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul127691549205313"><li id="obs_40_0027__li167691496533">Select <strong id="obs_40_0027__b116855133283133">Allow</strong>.</li><li id="obs_40_0027__li1676910494536">Select <strong id="obs_40_0027__b184236017183133">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0027__li7820139488">Select the actions to be authorized.<ul id="obs_40_0027__ul69955399229"><li id="obs_40_0027__li1872516591235">ReadOnly &gt; <strong id="obs_40_0027__b22871531133614">obs:bucket:ListBucketVersions</strong> and <strong id="obs_40_0027__b59451934163610">obs:object:GetObjectVersion</strong></li><li id="obs_40_0027__li1665116356242">ReadWrite &gt; <strong id="obs_40_0027__b173271339143610">obs:object:PutObject</strong></li><li id="obs_40_0027__li17906197258">ListOnly &gt; <strong id="obs_40_0027__b1872521911510">obs:bucket:ListBucket</strong> (Select this operation if you need to use OBS Browser+ to add external buckets.)</li></ul>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><ul id="obs_40_0027__ul127691549205313"><li id="obs_40_0027__li167691496533">Select <strong id="obs_40_0027__b116855133283133">Allow</strong>.</li><li id="obs_40_0027__li1676910494536">Select <strong id="obs_40_0027__b184236017183133">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0027__li7820139488">Select the actions to be authorized.<ul id="obs_40_0027__ul69955399229"><li id="obs_40_0027__li1872516591235">ReadOnly &gt; <strong id="obs_40_0027__b22871531133614">obs:bucket:ListBucketVersions</strong> and <strong id="obs_40_0027__b59451934163610">obs:object:GetObjectVersion</strong></li><li id="obs_40_0027__li1665116356242">ReadWrite &gt; <strong id="obs_40_0027__b173271339143610">obs:object:PutObject</strong></li><li id="obs_40_0027__li17906197258">ListOnly &gt; <strong id="obs_40_0027__b1872521911510">obs:bucket:ListBucket</strong> (Select this operation if you need to use OBS Browser+ to add external buckets.)</li></ul>
 </li><li id="obs_40_0027__li68704665514">Choose <strong id="obs_40_0027__b15151242173911">Specific</strong> &gt; <strong id="obs_40_0027__b15807455392">object</strong> to specify an object resource. The specified object or object set must be consistent with the bucket policy.<ul id="obs_40_0027__ul7227154714396"><li id="obs_40_0027__li12453134313914">Select <strong id="obs_40_0027__b4466525204020">Any</strong> if the resource set in the bucket policy is <strong id="obs_40_0027__b14180185523910">*</strong>.</li><li id="obs_40_0027__li3741544114020">If the resource specified in the bucket policy is a specified object or a set of objects, you need to specify the object or the set of objects the same as that in the bucket policy through the resource path.<p id="obs_40_0027__p1074114410400"><a name="obs_40_0027__li3741544114020"></a><a name="li3741544114020"></a>[Format]</p>
-<p id="obs_40_0027__p187411344194016"><span style="color:#3D3F43;">obs:*:*:object:</span><em style="color:#3D3F43;" id="obs_40_0027__i77808511383133">bucket name/object name</em></p>
+<p id="obs_40_0027__p187411344194016">obs:*:*:object:<em id="obs_40_0027__i77808511383133">bucket name/object name</em></p>
 </li></ul>
 <p id="obs_40_0027__p91229174218">Select <strong id="obs_40_0027__b319612254320">Any</strong> as the bucket policy in this example is set to <strong id="obs_40_0027__b5796140204315">*</strong>.</p>
 </li><li id="obs_40_0027__li77691949175310">Choose <strong id="obs_40_0027__b5104552134718">Specific</strong> &gt; <strong id="obs_40_0027__b21741257194719">bucket</strong> &gt; <strong id="obs_40_0027__b17643171344818">Specify resource path</strong> to specify bucket resources.<p id="obs_40_0027__p10101021193215">Click <strong id="obs_40_0027__b41028378487">Add Resource Path</strong> and enter the name of the authorized bucket in the <strong id="obs_40_0027__b268910862517">Path</strong> text box, for example, <strong id="obs_40_0027__b56121432132516">example-bucket</strong>.</p>
@@ -122,16 +123,16 @@
 </li></ul>
 </td>
 </tr>
-<tr id="obs_40_0027__row148651211115420"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0027__p108861114155415">Scope</p>
+<tr id="obs_40_0027__row148651211115420"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.5.4.5.2.2.2.3.1.1 "><p id="obs_40_0027__p108861114155415">Scope</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0027__p1188611417541">The default value is <strong id="obs_40_0027__b139641917764">Global services</strong>.</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.5.4.5.2.2.2.3.1.2 "><p id="obs_40_0027__p1188611417541">The default value is <strong id="obs_40_0027__b139641917764">Global services</strong>.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0027__li1293324623719"><span>Click <strong id="obs_40_0027__b15454772583133">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0027__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0027__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0027__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0027__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0027__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0027__li1293324623719"><span>Click <strong id="obs_40_0027__b15454772583133">OK</strong>.</span></li><li id="obs_40_0027__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0027__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0027__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0027__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0027__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0028.html b/docs/obs/perms-cfg/obs_40_0028.html
index 55c1b6ef..012bb849 100644
--- a/docs/obs/perms-cfg/obs_40_0028.html
+++ b/docs/obs/perms-cfg/obs_40_0028.html
@@ -1,16 +1,14 @@
 <a name="obs_40_0028"></a><a name="obs_40_0028"></a>
 
-<h1 class="topictitle1">Granting an Account Read Permissions on Certain Objects</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0028__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0028__p3431154410448">This case describes how to grant other accounts (excluding IAM users under the account) the read permission for an object or a type of objects in an OBS bucket. For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a>.</p>
+<h1 class="topictitle1">Granting Other Accounts the Read Permission for Certain Objects</h1>
+<div id="body1588765301379"><div class="section" id="obs_40_0028__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0028__p3431154410448">This case describes how to grant other accounts (excluding IAM users under the account) the read permission for an object or a type of objects in an OBS bucket. For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</a>.</p>
 </div>
-<div class="section" id="obs_40_0028__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0028__p103657437515">You are advised to use bucket policies to grant permissions to other accounts.</p>
+<div class="section" id="obs_40_0028__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0028__p103657437515">Use bucket policies to grant permissions to other accounts.</p>
 </div>
-<div class="section" id="obs_40_0028__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0028__p1436151622312">The preset read-only mode of OBS has the following permissions:</p>
-<ul id="obs_40_0028__ul12273198112311"><li id="obs_40_0028__li1327378202314">GetObject: downloading objects</li><li id="obs_40_0028__li127318812235">GetObjectVersion: downloading versioned objects</li></ul>
-<p id="obs_40_0028__p817120327254">After the configuration is complete, you can read (download) specific objects using APIs. However, if you download an object from OBS Console or OBS Browser+, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0028__p2027615802413">This is because when you log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0028__b7957153916368">ListAllMyBuckets</strong> and <strong id="obs_40_0028__b13277941123615">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but your permissions do not cover those APIs. In such case, your access is denied or your operation is not allowed.</p>
+<div class="section" id="obs_40_0028__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0028__p817120327254">After configuration, they can read (download) specific objects using APIs. However, if they download an object from OBS Console or OBS Browser+, a message will be displayed, indicating that they do not have required permissions.</p>
+<p id="obs_40_0028__p2027615802413">When they log in to OBS Console or OBS Browser+, the <strong id="obs_40_0028__b13505139164020">ListAllMyBuckets</strong> APi is called to load the bucket list and some other APIs will also be called on other pages, but their permissions do not cover those APIs. In such case, the message is displayed.</p>
 </div>
-<div class="section" id="obs_40_0028__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0028__ol745117710219"><li id="obs_40_0028__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0028__b166521479587">Object Storage</strong>.</span></li><li id="obs_40_0028__li104511752115"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0028__b327691211374">Overview</strong> page.</span></li><li id="obs_40_0028__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0028__b17881115474513">Permissions</strong>.</span></li><li id="obs_40_0028__li49461065486"><span>On the <strong id="obs_40_0028__b344716607">Bucket Policies</strong> page, click <strong id="obs_40_0028__b14482614015">Create Bucket Policy</strong> under <strong id="obs_40_0028__b04481366013">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0028__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0028__fig7676182754111"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0028__image13678227144115" src="en-us_image_0000001385864766.png"></span></div>
+<div class="section" id="obs_40_0028__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0028__ol745117710219"><li id="obs_40_0028__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0028__b166521479587">Object Storage</strong>.</span></li><li id="obs_40_0028__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0028__b5521423524140">Overview</strong> page.</span></li><li id="obs_40_0028__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0028__b12419074589057">Permissions</strong>.</span></li><li id="obs_40_0028__li1568715376490"><span>On the <strong id="obs_40_0028__b344716607">Bucket Policies</strong> page, click <strong id="obs_40_0028__b14482614015">Create Bucket Policy</strong> under <strong id="obs_40_0028__b04481366013">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0028__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0028__fig7676182754111"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0028__image13678227144115" src="en-us_image_0000001385864766.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0028__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0028__row27504174239"><th align="left" class="cellrowborder" valign="top" width="23.82%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0028__p107559176234"><strong id="obs_40_0028__b8746130373493">Parameter</strong></p>
 </th>
@@ -25,7 +23,7 @@
 </tr>
 <tr id="obs_40_0028__row8783617122317"><td class="cellrowborder" valign="top" width="23.82%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0028__p478519172231">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="76.18%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0028__ul1341145419174"><li id="obs_40_0028__li6417546174">Select <strong id="obs_40_0028__b21387414843493">Include</strong> &gt; <strong id="obs_40_0028__b12867007463493">Other account</strong>.</li><li id="obs_40_0028__li4253125801711"><strong id="obs_40_0028__b3494121513548">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0028__b9495315195418">My Credentials</strong> page of the account.</li><li id="obs_40_0028__li1530533711817"><strong id="obs_40_0028__b7183291173493">User ID</strong>: Enter the account ID, which can be obtained from the <strong id="obs_40_0028__b5979426203493">My Credentials</strong> page of the account.<div class="note" id="obs_40_0028__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0028__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
+<td class="cellrowborder" valign="top" width="76.18%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0028__ul1341145419174"><li id="obs_40_0028__li6417546174">Select <strong id="obs_40_0028__b21387414843493">Include</strong> &gt; <strong id="obs_40_0028__b12867007463493">Other account</strong>.</li><li id="obs_40_0028__li4253125801711"><strong id="obs_40_0028__b3494121513548">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0028__b9495315195418">My Credentials</strong> page of the account.</li><li id="obs_40_0028__li1530533711817"><strong id="obs_40_0028__b6565838221">User ID</strong>: Enter the account ID. You can obtain it from the <strong id="obs_40_0028__b056610381929">My Credentials</strong> page of the account.<div class="note" id="obs_40_0028__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0028__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
 </div></div>
 </li></ul>
 </td>
@@ -40,7 +38,7 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0028__li4406132611218"><span>Click <strong id="obs_40_0028__b913976893493">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0028__li4406132611218"><span>Click <strong id="obs_40_0028__b913976893493">OK</strong>.</span></li></ol>
 </div>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0029.html b/docs/obs/perms-cfg/obs_40_0029.html
index 51720e6c..448a8a5e 100644
--- a/docs/obs/perms-cfg/obs_40_0029.html
+++ b/docs/obs/perms-cfg/obs_40_0029.html
@@ -1,16 +1,16 @@
 <a name="obs_40_0029"></a><a name="obs_40_0029"></a>
 
-<h1 class="topictitle1">Granting an Account the Specified Permissions on Certain Objects</h1>
-<div id="body1588765301379"><div class="section" id="obs_40_0029__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0029__p1829466339">This case describes how to grant other accounts the specified operation permission on a specified object in an OBS bucket. The following describes how to grant the permission to download an object.</p>
-<p id="obs_40_0029__p131221236151420">If you need to configure other permissions, select the corresponding actions from the <strong id="obs_40_0029__b100374449134854">Action Name</strong> drop-down list in the bucket policy. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
-<p id="obs_40_0029__p3431154410448">For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a>.</p>
+<h1 class="topictitle1">Granting Other Accounts Specific Permissions for Specific Objects</h1>
+<div id="body1588765301379"><div class="section" id="obs_40_0029__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0029__p1829466339">This section describes how to grant other accounts the permissions to download an object from a bucket.</p>
+<p id="obs_40_0029__p131221236151420">To grant other permissions, select required actions from <strong id="obs_40_0029__b96795611191">Action Name</strong> in the bucket policy. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
+<p id="obs_40_0029__p3431154410448">For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</a>.</p>
 </div>
-<div class="section" id="obs_40_0029__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0029__p103657437515">You are advised to use bucket policies to grant permissions to other accounts.</p>
+<div class="section" id="obs_40_0029__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0029__p103657437515">Use bucket policies to grant permissions to other accounts.</p>
 </div>
-<div class="section" id="obs_40_0029__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0029__p4883191595712">After the configuration is complete, you can download objects using APIs. However, if you log in to OBS Console or OBS Browser+ to download an object, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0029__p3603656113417">This is because when you log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0029__b787091743816">ListAllMyBuckets</strong> and <strong id="obs_40_0029__b64222195381">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but your permissions do not cover those APIs. In such case, your access is denied or your operation is not allowed.</p>
+<div class="section" id="obs_40_0029__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0029__p4883191595712">After configuration, they can download objects using APIs. However, if they download objects using OBS Console or OBS Browser+, a message will be displayed indicating that they do not have required permissions.</p>
+<p id="obs_40_0029__p3603656113417">When they log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0029__b16431925203612">ListAllMyBuckets</strong> and <strong id="obs_40_0029__b06441825183618">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but their permissions do not cover those APIs. In such case, the message is displayed.</p>
 </div>
-<div class="section" id="obs_40_0029__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0029__ol170633855216"><li id="obs_40_0029__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0029__b1591195314582">Object Storage</strong>.</span></li><li id="obs_40_0029__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0029__b14813156103712">Overview</strong> page.</span></li><li id="obs_40_0029__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0029__b10759142594616">Permissions</strong>.</span></li><li id="obs_40_0029__li49461065486"><span>On the <strong id="obs_40_0029__b99977311234">Bucket Policies</strong> page, click <strong id="obs_40_0029__b499853111312">Create Bucket Policy</strong> under <strong id="obs_40_0029__b109980314316">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0029__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0029__fig0845620144418"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0029__image1984812015445" src="en-us_image_0000001386185594.png"></span></div>
+<div class="section" id="obs_40_0029__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0029__ol170633855216"><li id="obs_40_0029__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0029__b1591195314582">Object Storage</strong>.</span></li><li id="obs_40_0029__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0029__b51079271323834">Overview</strong> page.</span></li><li id="obs_40_0029__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0029__b11470415329058">Permissions</strong>.</span></li><li id="obs_40_0029__li1568715376490"><span>On the <strong id="obs_40_0029__b99977311234">Bucket Policies</strong> page, click <strong id="obs_40_0029__b499853111312">Create Bucket Policy</strong> under <strong id="obs_40_0029__b109980314316">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0029__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0029__fig0845620144418"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0029__image1984812015445" src="en-us_image_0000001386185594.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0029__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0029__row27504174239"><th align="left" class="cellrowborder" valign="top" width="23.599999999999998%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0029__p107559176234"><strong id="obs_40_0029__b118020145734854">Parameter</strong></p>
 </th>
@@ -30,7 +30,7 @@
 </tr>
 <tr id="obs_40_0029__row8783617122317"><td class="cellrowborder" valign="top" width="23.599999999999998%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0029__p478519172231">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="76.4%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0029__ul1341145419174"><li id="obs_40_0029__li6417546174">Select <strong id="obs_40_0029__b26863363234854">Include</strong> &gt; <strong id="obs_40_0029__b157525699634854">Other account</strong>.</li><li id="obs_40_0029__li106259549386"><strong id="obs_40_0029__b1928953110544">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0029__b112897315540">My Credentials</strong> page of the account.</li><li id="obs_40_0029__li1530533711817"><strong id="obs_40_0029__b88083778734854">User ID</strong>: Enter the account ID, which can be obtained from the <strong id="obs_40_0029__b135638497834854">My Credentials</strong> page of the account.<div class="note" id="obs_40_0029__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0029__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
+<td class="cellrowborder" valign="top" width="76.4%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0029__ul1341145419174"><li id="obs_40_0029__li6417546174">Select <strong id="obs_40_0029__b26863363234854">Include</strong> &gt; <strong id="obs_40_0029__b157525699634854">Other account</strong>.</li><li id="obs_40_0029__li106259549386"><strong id="obs_40_0029__b1928953110544">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0029__b112897315540">My Credentials</strong> page of the account.</li><li id="obs_40_0029__li1530533711817"><strong id="obs_40_0029__b164461950622">User ID</strong>: Enter the account ID. You can obtain it from the <strong id="obs_40_0029__b2044617509214">My Credentials</strong> page of the account.<div class="note" id="obs_40_0029__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0029__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
 </div></div>
 </li></ul>
 </td>
@@ -51,7 +51,7 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0029__li4406132611218"><span>Click <strong id="obs_40_0029__b164104890034854">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0029__li4406132611218"><span>Click <strong id="obs_40_0029__b164104890034854">OK</strong>.</span></li></ol>
 </div>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0030.html b/docs/obs/perms-cfg/obs_40_0030.html
index c47ec130..05fb53f1 100644
--- a/docs/obs/perms-cfg/obs_40_0030.html
+++ b/docs/obs/perms-cfg/obs_40_0030.html
@@ -4,18 +4,18 @@
 <div id="body1588765301379"></div>
 <div>
 <ul class="ullinks">
-<li class="ulchildlink"><strong><a href="obs_40_0031.html">Granting Anonymous Users Public Read Permissions on a Bucket</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0031.html">Granting Anonymous Users the Public Read Permission for a Bucket</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0032.html">Granting Anonymous Users Public Read Permissions on a Directory</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0032.html">Granting Anonymous Users the Read Permission for a Directory</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0033.html">Granting Anonymous Users Public Read Permissions on Certain Objects</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0033.html">Granting Anonymous Users the Read Permission for Certain Objects</a></strong><br>
 </li>
 <li class="ulchildlink"><strong><a href="obs_40_0034.html">Temporarily Sharing Objects with Anonymous Users</a></strong><br>
 </li>
 </ul>
 
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Configuration Cases in Typical Permission Control Scenarios</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0031.html b/docs/obs/perms-cfg/obs_40_0031.html
index d33eddf4..058001ca 100644
--- a/docs/obs/perms-cfg/obs_40_0031.html
+++ b/docs/obs/perms-cfg/obs_40_0031.html
@@ -1,59 +1,12 @@
 <a name="obs_40_0031"></a><a name="obs_40_0031"></a>
 
-<h1 class="topictitle1">Granting Anonymous Users Public Read Permissions on a Bucket</h1>
+<h1 class="topictitle1">Granting Anonymous Users the Public Read Permission for a Bucket</h1>
 <div id="body1588765301379"><div class="section" id="obs_40_0031__section142631357463"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0031__p15459915718">If a bucket needs to be accessed by anonymous users, you can configure a bucket policy and bucket ACL to grant the access permission to anonymous users. The following uses a bucket policy as an example.</p>
 </div>
-<div class="section" id="obs_40_0031__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0031__p1436151622312">The <strong id="obs_40_0031__b175608381563">Public Read</strong> policy allows any user to read objects in a bucket. <strong id="obs_40_0031__b17891815245">Public Read</strong> has the following permissions:</p>
-<ul id="obs_40_0031__ul979910296419"><li id="obs_40_0031__li979902918414">GetObject: downloading objects</li><li id="obs_40_0031__li2079952914417">GetObjectVersion: downloading versioned objects</li><li id="obs_40_0031__li2079918294411">HeadBucket: checking whether a bucket exists</li><li id="obs_40_0031__li107991329549">ListBucket: listing objects in a bucket and obtaining the bucket metadata<div class="note" id="obs_40_0031__note171618381482"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0031__p101623854811">When you access a bucket through its domain name, the ListBucket permission allows you to list all objects in the bucket. If you want to restrict this permission to specified users under an account, see <a href="#obs_40_0031__section191491712418">Related Scenario: Canceling the ListBucket Permission from the Public Read Policy</a>.</p>
-</div></div>
-</li></ul>
-</div>
-<div class="section" id="obs_40_0031__section68804531942"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0031__ol1570512004013"><li id="obs_40_0031__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0031__b160151135915">Object Storage</strong>.</span></li><li id="obs_40_0031__li143061822104011"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0031__b10742152483810">Overview</strong> page.</span></li><li id="obs_40_0031__li125741927104010"><span>In the navigation pane, choose <strong id="obs_40_0031__b162092054144616">Permissions</strong>.</span></li><li id="obs_40_0031__li179542323403"><span>On the <strong id="obs_40_0031__b42597237711">Bucket Policies</strong> tab page, select the <strong id="obs_40_0031__b598162894">Public Read</strong> policy for the bucket in the <strong id="obs_40_0031__b13341122995">Standard Bucket Policies</strong> area.</span><p><div class="fignone" id="obs_40_0031__fig47171574453"><span class="figcap"><b>Figure 1 </b>Granting public read permissions on buckets to anonymous users</span><br><span><img id="obs_40_0031__image1972015576455" src="en-us_image_0000001436305909.png"></span></div>
+<div class="section" id="obs_40_0031__section68804531942"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0031__ol1570512004013"><li id="obs_40_0031__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0031__b160151135915">Object Storage</strong>.</span></li><li id="obs_40_0031__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0031__b23434528723836">Overview</strong> page.</span></li><li id="obs_40_0031__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0031__b857726282910">Permissions</strong>.</span></li><li id="obs_40_0031__li1568715376490"><span>On the <strong id="obs_40_0031__b8147659583330">Bucket Policies</strong> page, click <strong id="obs_40_0031__b11638887203330">Create Bucket Policy</strong> under <strong id="obs_40_0031__b4918743533330">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0031__li179542323403"><span>On the <strong id="obs_40_0031__b42597237711">Bucket Policies</strong> tab page, select the <strong id="obs_40_0031__b598162894">Public Read</strong> policy for the bucket in the <strong id="obs_40_0031__b13341122995">Standard Bucket Policies</strong> area.</span><p><div class="fignone" id="obs_40_0031__fig47171574453"><span class="figcap"><b>Figure 1 </b>Granting public read permissions on buckets to anonymous users</span><br><span><img id="obs_40_0031__image1972015576455" src="en-us_image_0000001436305909.png"></span></div>
 </p></li></ol>
 </div>
-<div class="section" id="obs_40_0031__section6487417124"><h4 class="sectiontitle">Verification</h4><ol id="obs_40_0031__ol2572461220"><li id="obs_40_0031__li155714141220"><span>After the permission is set, in the <strong id="obs_40_0031__b6691112521111">Basic Information </strong>area of the bucket details page, locate <strong id="obs_40_0031__b1092919328113">Access Domain Name</strong>. Share the URL of the access domain name over the Internet so that all Internet users can access the bucket.</span></li><li id="obs_40_0031__li18579413121"><span>On the <strong id="obs_40_0031__b5887104421216">Objects</strong> tab page of the bucket, click the target object name and find the object link. Share the object link over the Internet so that all Internet users can access the object.</span></li></ol>
-</div>
-<div class="section" id="obs_40_0031__section191491712418"><a name="obs_40_0031__section191491712418"></a><a name="section191491712418"></a><h4 class="sectiontitle">Related Scenario: Canceling the ListBucket Permission from the Public Read Policy</h4><p id="obs_40_0031__p56019208246">If you want to restrict the ListBucket permission to specified users under an account, you need to configure another bucket policy.</p>
-<ol id="obs_40_0031__ol170633855216"><li id="obs_40_0031__li659013400614"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0031__b55115455918">Object Storage</strong>.</span></li><li id="obs_40_0031__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0031__b2049817312386">Overview</strong> page.</span></li><li id="obs_40_0031__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0031__b9424181334719">Permissions</strong>.</span></li><li id="obs_40_0031__li49461065486"><span>On the <strong id="obs_40_0031__b9734530112714">Bucket Policies</strong> page, click <strong id="obs_40_0031__b3734163017278">Create Bucket Policy</strong> under <strong id="obs_40_0031__b13735103020272">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0031__li1470617571214"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0031__fig163820984812"><span class="figcap"><b>Figure 2 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0031__image46401934816" src="en-us_image_0000001436265909.png"></span></div>
-
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0031__table3706135201215" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0031__row2070620591220"><th align="left" class="cellrowborder" valign="top" width="23.72%" id="mcps1.3.5.3.5.2.2.2.3.1.1"><p id="obs_40_0031__p1770714531211">Parameter</p>
-</th>
-<th align="left" class="cellrowborder" valign="top" width="76.28%" id="mcps1.3.5.3.5.2.2.2.3.1.2"><p id="obs_40_0031__p47078561217">Description</p>
-</th>
-</tr>
-</thead>
-<tbody><tr id="obs_40_0031__row3707105161213"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p1270710541217">Policy Mode</p>
-</td>
-<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0031__p1070720571218">Select <strong id="obs_40_0031__b138081140121918">Customized</strong>.</p>
-</td>
-</tr>
-<tr id="obs_40_0031__row0282443111316"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p1528214351316">Effect</p>
-</td>
-<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0031__p628264361310">Select <strong id="obs_40_0031__b16649173421917">Deny</strong>.</p>
-</td>
-</tr>
-<tr id="obs_40_0031__row27071453128"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p9707195171215">Principal</p>
-</td>
-<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><div class="p" id="obs_40_0031__p6494105119184">Select <strong id="obs_40_0031__b191115411198">Exclude</strong>.<ul id="obs_40_0031__ul480721115180"><li id="obs_40_0031__li1024761941819">Select <strong id="obs_40_0031__b1294415814519">Cloud service user</strong>.</li><li id="obs_40_0031__li4245545161814"><strong id="obs_40_0031__b5401347104513">Account ID</strong>: Enter <strong id="obs_40_0031__b187851783471">*</strong> to indicate all anonymous users.</li><li id="obs_40_0031__li1703812151919"><strong id="obs_40_0031__b9747912195018">User ID</strong>: Enter one or more user IDs separated by a comma (,).</li></ul>
-</div>
-</td>
-</tr>
-<tr id="obs_40_0031__row187079581216"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p47071520126">Resources</p>
-</td>
-<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0031__p134612281416">Select <strong id="obs_40_0031__b846133113818">Include</strong> &gt; <strong id="obs_40_0031__b164753317383">Entire bucket</strong>.</p>
-</td>
-</tr>
-<tr id="obs_40_0031__row16898181610148"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p989841691413">Actions</p>
-</td>
-<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><ul id="obs_40_0031__ul48235222144"><li id="obs_40_0031__li1182312214143"><strong id="obs_40_0031__b5333242143817">Include</strong></li><li id="obs_40_0031__li04383583015"><strong id="obs_40_0031__b15385194483811">Action Name</strong>:<ul id="obs_40_0031__ul7641371302"><li id="obs_40_0031__li1533815258143">ListBucket</li></ul>
-</li></ul>
-</td>
-</tr>
-</tbody>
-</table>
-</div>
-</p></li><li id="obs_40_0031__li1940154881411"><span>Click <strong id="obs_40_0031__b3538154817386">OK</strong>. The bucket policy is created.</span></li></ol>
-<p id="obs_40_0031__p20864640131817"><strong id="obs_40_0031__b1441511883919">Verification</strong>: After the permission is set, in the <strong id="obs_40_0031__b1782519507385">Basic Information</strong> area of the bucket details page, locate <strong id="obs_40_0031__b18826165073818">Access Domain Name</strong>. Publish the URL on the Internet, and verify that only specified users can list objects in the bucket.</p>
+<div class="section" id="obs_40_0031__section6487417124"><h4 class="sectiontitle">Verification</h4><ol id="obs_40_0031__ol2572461220"><li id="obs_40_0031__li155714141220"><span>After the permission is set, in the <strong id="obs_40_0031__b6691112521111">Basic Information </strong>area of the bucket overview page, locate <strong id="obs_40_0031__b1092919328113">Access Domain Name</strong>. Share the URL of the access domain name over the Internet so that all Internet users can access the bucket.</span></li><li id="obs_40_0031__li18579413121"><span>On the <strong id="obs_40_0031__b5887104421216">Objects</strong> tab page of the bucket, click the target object name and find the object link. Share the object link over the Internet so that all Internet users can access the object.</span></li></ol>
 </div>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0032.html b/docs/obs/perms-cfg/obs_40_0032.html
index 6bfedda1..c718a7ca 100644
--- a/docs/obs/perms-cfg/obs_40_0032.html
+++ b/docs/obs/perms-cfg/obs_40_0032.html
@@ -1,32 +1,29 @@
 <a name="obs_40_0032"></a><a name="obs_40_0032"></a>
 
-<h1 class="topictitle1">Granting Anonymous Users Public Read Permissions on a Directory</h1>
+<h1 class="topictitle1">Granting Anonymous Users the Read Permission for a Directory</h1>
 <div id="body1588765301379"><div class="section" id="obs_40_0032__section10302454102718"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0032__p016716217280">If all objects in a folder need to be accessible to anonymous users, you can configure a bucket policy to grant anonymous users the permission to access the folder.</p>
 </div>
-<div class="section" id="obs_40_0032__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0032__p1436151622312">The preset read-only mode of OBS has the following permissions:</p>
-<ul id="obs_40_0032__ul12273198112311"><li id="obs_40_0032__li1327378202314">GetObject: downloading objects</li><li id="obs_40_0032__li127318812235">GetObjectVersion: downloading versioned objects</li></ul>
-</div>
-<div class="section" id="obs_40_0032__section14782838103419"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0032__ol1570512004013"><li id="obs_40_0032__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0032__b8597891590">Object Storage</strong>.</span></li><li id="obs_40_0032__li143061822104011"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0032__b1050710528386">Overview</strong> page.</span></li><li id="obs_40_0032__li125741927104010"><span>In the navigation pane, choose <strong id="obs_40_0032__b1576953414713">Permissions</strong>.</span></li><li id="obs_40_0032__li49461065486"><span>On the <strong id="obs_40_0032__b1489519200362">Bucket Policies</strong> page, click <strong id="obs_40_0032__b1089592019365">Create Bucket Policy</strong> under <strong id="obs_40_0032__b989662017360">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0032__li2143744184017"><span>Configure parameters according to the following table, so that you can grant anonymous users the permission to access the folder and objects in it.</span><p><div class="fignone" id="obs_40_0032__fig6569962519"><span class="figcap"><b>Figure 1 </b>Granting public read permissions on a specific directory for anonymous users</span><br><span><img id="obs_40_0032__image956918645119" src="en-us_image_0000001436146565.png"></span></div>
+<div class="section" id="obs_40_0032__section14782838103419"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0032__ol1570512004013"><li id="obs_40_0032__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0032__b8597891590">Object Storage</strong>.</span></li><li id="obs_40_0032__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0032__b140001826023837">Overview</strong> page.</span></li><li id="obs_40_0032__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0032__b2003948925912">Permissions</strong>.</span></li><li id="obs_40_0032__li1568715376490"><span>On the <strong id="obs_40_0032__b1489519200362">Bucket Policies</strong> page, click <strong id="obs_40_0032__b1089592019365">Create Bucket Policy</strong> under <strong id="obs_40_0032__b989662017360">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0032__li2143744184017"><span>Configure parameters according to the following table, so that you can grant anonymous users the permission to access the folder and objects in it.</span><p><div class="fignone" id="obs_40_0032__fig6569962519"><span class="figcap"><b>Figure 1 </b>Granting public read permissions on a specific directory for anonymous users</span><br><span><img id="obs_40_0032__image956918645119" src="en-us_image_0000001436146565.png"></span></div>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0032__table2481197162816" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for granting the permission to access a specified directory</caption><thead align="left"><tr id="obs_40_0032__row64826712819"><th align="left" class="cellrowborder" valign="top" width="31.71%" id="mcps1.3.3.2.5.2.2.2.3.1.1"><p id="obs_40_0032__p154822742816">Parameter</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0032__table2481197162816" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for granting the permission to access a specified directory</caption><thead align="left"><tr id="obs_40_0032__row64826712819"><th align="left" class="cellrowborder" valign="top" width="31.71%" id="mcps1.3.2.2.5.2.2.2.3.1.1"><p id="obs_40_0032__p154822742816">Parameter</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="68.28999999999999%" id="mcps1.3.3.2.5.2.2.2.3.1.2"><p id="obs_40_0032__p348297102815">Value</p>
+<th align="left" class="cellrowborder" valign="top" width="68.28999999999999%" id="mcps1.3.2.2.5.2.2.2.3.1.2"><p id="obs_40_0032__p348297102815">Value</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0032__row1148237162814"><td class="cellrowborder" valign="top" width="31.71%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0032__p1348207182816">Policy Mode</p>
+<tbody><tr id="obs_40_0032__row1148237162814"><td class="cellrowborder" valign="top" width="31.71%" headers="mcps1.3.2.2.5.2.2.2.3.1.1 "><p id="obs_40_0032__p1348207182816">Policy Mode</p>
 </td>
-<td class="cellrowborder" valign="top" width="68.28999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0032__p174828712280">Select <strong id="obs_40_0032__b213864775734844">Read-only</strong>.</p>
+<td class="cellrowborder" valign="top" width="68.28999999999999%" headers="mcps1.3.2.2.5.2.2.2.3.1.2 "><p id="obs_40_0032__p174828712280">Select <strong id="obs_40_0032__b213864775734844">Read-only</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0032__row1248257102810"><td class="cellrowborder" valign="top" width="31.71%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0032__p1848237112812">Principal</p>
+<tr id="obs_40_0032__row1248257102810"><td class="cellrowborder" valign="top" width="31.71%" headers="mcps1.3.2.2.5.2.2.2.3.1.1 "><p id="obs_40_0032__p1848237112812">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="68.28999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0032__ul165818244347"><li id="obs_40_0032__li1024761941819">Choose <strong id="obs_40_0032__b22071319115415">Include</strong> &gt; <strong id="obs_40_0032__b1976619136555">Cloud service user</strong>.</li><li id="obs_40_0032__li4245545161814"><strong id="obs_40_0032__b1617217618472">Account ID</strong>: Enter <strong id="obs_40_0032__b10172564478">*</strong> to indicate all anonymous users.</li></ul>
+<td class="cellrowborder" valign="top" width="68.28999999999999%" headers="mcps1.3.2.2.5.2.2.2.3.1.2 "><ul id="obs_40_0032__ul165818244347"><li id="obs_40_0032__li1024761941819">Choose <strong id="obs_40_0032__b22071319115415">Include</strong> &gt; <strong id="obs_40_0032__b1976619136555">Cloud service user</strong>.</li><li id="obs_40_0032__li4245545161814"><strong id="obs_40_0032__b1617217618472">Account ID</strong>: Enter <strong id="obs_40_0032__b10172564478">*</strong> to indicate all anonymous users.</li></ul>
 </td>
 </tr>
-<tr id="obs_40_0032__row14826742812"><td class="cellrowborder" valign="top" width="31.71%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0032__p248287202815">Resources</p>
+<tr id="obs_40_0032__row14826742812"><td class="cellrowborder" valign="top" width="31.71%" headers="mcps1.3.2.2.5.2.2.2.3.1.1 "><p id="obs_40_0032__p248287202815">Resources</p>
 </td>
-<td class="cellrowborder" valign="top" width="68.28999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0032__ul1546684213419"><li id="obs_40_0032__li1846617424342"><strong id="obs_40_0032__b197173940834844">Include</strong></li><li id="obs_40_0032__li1046624217342">Select <strong id="obs_40_0032__b38593620234844">Specific resources</strong>.</li><li id="obs_40_0032__li8466144263418">Set this parameter to all objects in the selected folder. If the folder name is <strong id="obs_40_0032__b114874976234844">folder-001</strong>, enter the value <strong id="obs_40_0032__b161441472534844">folder-001/*</strong>.</li></ul>
+<td class="cellrowborder" valign="top" width="68.28999999999999%" headers="mcps1.3.2.2.5.2.2.2.3.1.2 "><ul id="obs_40_0032__ul1546684213419"><li id="obs_40_0032__li1846617424342"><strong id="obs_40_0032__b197173940834844">Include</strong></li><li id="obs_40_0032__li1046624217342">Select <strong id="obs_40_0032__b38593620234844">Specific resources</strong>.</li><li id="obs_40_0032__li8466144263418">Set this parameter to all objects in the selected folder. If the folder name is <strong id="obs_40_0032__b114874976234844">folder-001</strong>, enter the value <strong id="obs_40_0032__b161441472534844">folder-001/*</strong>.</li></ul>
 </td>
 </tr>
 </tbody>
diff --git a/docs/obs/perms-cfg/obs_40_0033.html b/docs/obs/perms-cfg/obs_40_0033.html
index d01d6bc4..5da0d767 100644
--- a/docs/obs/perms-cfg/obs_40_0033.html
+++ b/docs/obs/perms-cfg/obs_40_0033.html
@@ -1,6 +1,6 @@
 <a name="obs_40_0033"></a><a name="obs_40_0033"></a>
 
-<h1 class="topictitle1">Granting Anonymous Users Public Read Permissions on Certain Objects</h1>
+<h1 class="topictitle1">Granting Anonymous Users the Read Permission for Certain Objects</h1>
 <div id="body1588765301379"><div class="section" id="obs_40_0033__section168411647181311"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0033__p5371752191310">Enterprise A stores a large volume of map data in OBS, and offers the data for public query. This enterprise sets a read permission for anonymous users, and provides the data URLs on the Internet. Then all users can read or download the data through the URLs.</p>
 </div>
 <div class="section" id="obs_40_0033__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0033__ol1953255192117"><li id="obs_40_0033__li19953165510219"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0033__b26268398246">Object Storage</strong>.</span></li><li id="obs_40_0033__li11242915363"><span>In the bucket list, click the bucket to be operated. The <strong id="obs_40_0033__b1773692772714">Overview</strong> page of the bucket is displayed.</span></li><li id="obs_40_0033__en-us_topic_0066036523_li36003791"><span>In the navigation pane, click <strong id="obs_40_0033__b59428378321">Objects</strong>.</span></li><li id="obs_40_0033__li15268192485317"><span>Click the name of the object to be operated.</span></li><li id="obs_40_0033__li22531610122211"><span>On the <strong id="obs_40_0033__b1722312721714">Object ACL</strong> tab page, click the target object and click <strong id="obs_40_0033__b7908911191716">Object ACL</strong>.</span></li><li id="obs_40_0033__li11266619182214"><span>In <strong id="obs_40_0033__b65336746234847">Public Permissions</strong> &gt; <strong id="obs_40_0033__b10777947734847">Anonymous User</strong>, click <strong id="obs_40_0033__b84420656134847">Edit</strong> and select the object read permission for anonymous users.</span><p><div class="fignone" id="obs_40_0033__fig1549415185311"><span class="figcap"><b>Figure 1 </b>Granting the public read permission on objects to anonymous users</span><br><span><img id="obs_40_0033__image5491015175317" src="en-us_image_0000001436307565.png"></span></div>
diff --git a/docs/obs/perms-cfg/obs_40_0034.html b/docs/obs/perms-cfg/obs_40_0034.html
index 7ee68f0b..23a4190a 100644
--- a/docs/obs/perms-cfg/obs_40_0034.html
+++ b/docs/obs/perms-cfg/obs_40_0034.html
@@ -3,9 +3,9 @@
 <h1 class="topictitle1">Temporarily Sharing Objects with Anonymous Users</h1>
 <div id="body1588765301379"><div class="section" id="obs_40_0034__section25804574200"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0034__p15521311214">If you want to open an object to all users for a limited period of time, you can use the object sharing function.</p>
 </div>
-<div class="section" id="obs_40_0034__section692129689"><h4 class="sectiontitle">Procedure for Sharing a File</h4><ol id="obs_40_0034__ol165136117163"><li id="obs_40_0034__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0034__b1744151175514">Object Storage</strong>.</span></li><li id="obs_40_0034__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0034__b191461316103919">Overview</strong> page.</span></li><li id="obs_40_0034__en-us_topic_0066036523_li36003791"><span>In the navigation pane, click <strong id="obs_40_0034__b1174115514366">Objects</strong>.</span></li><li id="obs_40_0034__en-us_topic_0066036523_li55598663"><span>Locate the file to be shared and click <strong id="obs_40_0034__b15210976095923">Share</strong> in the <strong id="obs_40_0034__b90263948995923">Operation</strong> column.</span><p><p id="obs_40_0034__p654141612312">Once the <strong id="obs_40_0034__b201885158395923">Share File</strong> dialog box is opened, the URL is effective and valid for five minutes by default. If you change the validity period, the authentication information in the URL changes accordingly, and the URL's new validity period starts upon the change.</p>
-</p></li><li id="obs_40_0034__li113111832018"><span>Perform URL related operations.</span><p><ul id="obs_40_0034__ul36691545182112"><li id="obs_40_0034__li1167044516212">Click <strong id="obs_40_0034__b120831711595923">Open URL</strong> to preview the file on a new page or directly download it to your default download path.</li><li id="obs_40_0034__li475872122213">Click <strong id="obs_40_0034__b28125390595923">Copy Link</strong> to share the link to other users, so that they can enter the link to a web browser to access the file.</li><li id="obs_40_0034__li18612549152314">Click <strong id="obs_40_0034__b127888500595923">Copy Path</strong> to share the file path to users who have access permissions to the bucket. Then the users can search for the file by pasting the path to the search box of the bucket.</li></ul>
-<div class="note" id="obs_40_0034__note27664672718"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0034__p57734614276">Within the validity period of a URL, any user who has the URL can access the file.</p>
+<div class="section" id="obs_40_0034__section692129689"><h4 class="sectiontitle">Procedure for Sharing a File</h4><ol id="obs_40_0034__ol165136117163"><li id="obs_40_0034__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0034__b1744151175514">Object Storage</strong>.</span></li><li id="obs_40_0034__li9637182844515"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0034__b16954162011517">Objects</strong> page.</span></li><li id="obs_40_0034__en-us_topic_0066036523_li55598663"><span>Select the file to be shared and click <strong id="obs_40_0034__b1511014919473">Share</strong> in the <strong id="obs_40_0034__b116191234710">Operation</strong> column.</span><p><p id="obs_40_0034__p654141612312">Once the <strong id="obs_40_0034__b201885158395923">Share File</strong> dialog box is opened, the URL is effective and valid for five minutes by default. If you change the validity period, the authentication information in the URL changes accordingly, and the URL's new validity period starts upon the change.</p>
+</p></li><li id="obs_40_0034__li113111832018"><span>Perform URL related operations.</span><p><ul id="obs_40_0034__ul36691545182112"><li id="obs_40_0034__li1167044516212">Click <strong id="obs_40_0034__b120831711595923">Open in Browser</strong> to preview the file on a new page or directly download it to your default download path.</li><li id="obs_40_0034__li475872122213">Click <strong id="obs_40_0034__b28125390595923">Copy Link</strong> to share the link to other users, so that they can enter the link to a web browser to access the file.</li><li id="obs_40_0034__li18612549152314">Click <strong id="obs_40_0034__b127888500595923">Copy Path</strong> to share the file path to users who have access permissions to the bucket. Then the users can search for the file by pasting the path to the search box of the bucket.</li></ul>
+<div class="note" id="obs_40_0034__note27664672718"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0034__p57734614276">Within the URL validity period, anyone who has the URL can access the file.</p>
 </div></div>
 </p></li></ol>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0036.html b/docs/obs/perms-cfg/obs_40_0036.html
index efc81215..fdc384db 100644
--- a/docs/obs/perms-cfg/obs_40_0036.html
+++ b/docs/obs/perms-cfg/obs_40_0036.html
@@ -1,11 +1,11 @@
 <a name="obs_40_0036"></a><a name="obs_40_0036"></a>
 
-<h1 class="topictitle1">Preventing Specific IP Addresses from Accessing a Bucket</h1>
+<h1 class="topictitle1">Restricting Access to a Bucket for Specific IP Addresses</h1>
 <div id="body1593486216448"><div class="section" id="obs_40_0036__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0036__p3431154410448">This case describes how to restrict the source IP addresses that can access an OBS bucket. The following shows how to deny a client access whose source IP address is within the range of 114.115.1.0/24.</p>
 </div>
 <div class="section" id="obs_40_0036__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0036__p103657437515">Bucket policy</p>
 </div>
-<div class="section" id="obs_40_0036__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0036__ol170633855216"><li id="obs_40_0036__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0036__b107282205911">Object Storage</strong>.</span></li><li id="obs_40_0036__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0036__b10461155683917">Overview</strong> page.</span></li><li id="obs_40_0036__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0036__b1277821212494">Permissions</strong>.</span></li><li id="obs_40_0036__li49461065486"><span>On the <strong id="obs_40_0036__b0971531143711">Bucket Policies</strong> page, click <strong id="obs_40_0036__b16973131163713">Create Bucket Policy</strong> under <strong id="obs_40_0036__b49748316372">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0036__li3552175452220"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0036__fig84467351037"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0036__image94489351433" src="en-us_image_0000001386029478.png"></span></div>
+<div class="section" id="obs_40_0036__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0036__ol170633855216"><li id="obs_40_0036__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0036__b107282205911">Object Storage</strong>.</span></li><li id="obs_40_0036__li32491951194912"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0036__b152428572223838">Overview</strong> page.</span></li><li id="obs_40_0036__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0036__b1865245419914">Permissions</strong>.</span></li><li id="obs_40_0036__li1568715376490"><span>On the <strong id="obs_40_0036__b0971531143711">Bucket Policies</strong> page, click <strong id="obs_40_0036__b16973131163713">Create Bucket Policy</strong> under <strong id="obs_40_0036__b49748316372">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0036__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0036__fig84467351037"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0036__image94489351433" src="en-us_image_0000001386029478.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0036__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0036__row27504174239"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.3.2.5.2.2.2.3.1.1"><p id="obs_40_0036__p107559176234"><strong id="obs_40_0036__b1545917931102217">Parameter</strong></p>
 </th>
@@ -40,7 +40,7 @@
 </tr>
 <tr id="obs_40_0036__row138371643165416"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0036__p2329115416419">Conditions</p>
 </td>
-<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0036__ul4774185114612"><li id="obs_40_0036__li177741358462"><strong id="obs_40_0036__b783743033102217">Conditional Operator</strong>: <strong id="obs_40_0036__b1437887862102217">IpAddress</strong></li><li id="obs_40_0036__li1764818167461"><strong id="obs_40_0036__b7796443112616">Key</strong>: Select <strong id="obs_40_0036__b1479794342614">SourceIp</strong>.</li><li id="obs_40_0036__li295412744610"><strong id="obs_40_0036__b89081554112617">Value</strong>: Set it to <strong id="obs_40_0036__b199091354132617">114.115.1.0/24</strong>.<div class="note" id="obs_40_0036__note159463615311"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0036__p0954364536">Use commas (,) to separate multiple IP addresses.</p>
+<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0036__ul4774185114612"><li id="obs_40_0036__li177741358462"><strong id="obs_40_0036__b783743033102217">Conditional Operator</strong>: <strong id="obs_40_0036__b1437887862102217">IpAddress</strong></li><li id="obs_40_0036__li1764818167461"><strong id="obs_40_0036__b7796443112616">Key</strong>: Select <strong id="obs_40_0036__b1479794342614">SourceIp</strong>.</li><li id="obs_40_0036__li295412744610"><strong id="obs_40_0036__b8342151815327">Value</strong>: Enter <strong id="obs_40_0036__b534351893213">114.115.1.0/24</strong>.<div class="note" id="obs_40_0036__note159463615311"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0036__p0954364536">Use commas (,) to separate multiple IP addresses.</p>
 </div></div>
 </li></ul>
 </td>
@@ -50,16 +50,16 @@
 </div>
 <div class="note" id="obs_40_0036__note26171019823"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0036__p13617121915215">If you want to allow clients whose IP addresses are outside the configured range to access your bucket, grant access permissions to anonymous users by referring to <a href="obs_40_0030.html">Granting Permissions to Anonymous Users</a>.</p>
 </div></div>
-</p></li><li id="obs_40_0036__li14457546165717"><span>Click <strong id="obs_40_0036__b8709194992814">OK</strong>. The bucket policy is created.</span></li></ol>
+</p></li><li id="obs_40_0036__li14457546165717"><span>Click <strong id="obs_40_0036__b8709194992814">OK</strong>.</span></li></ol>
 </div>
-<div class="section" id="obs_40_0036__section159232335471"><h4 class="sectiontitle">Verification</h4><p id="obs_40_0036__p1589143714477">Initiate an access request from an IP address within the range of 114.115.1.0/24. The access is denied. Initiate an access request from an IP address outside the range of 114.115.1.0/24. The access is allowed.</p>
+<div class="section" id="obs_40_0036__section159232335471"><h4 class="sectiontitle">Verification</h4><p id="obs_40_0036__p1589143714477">Initiate an access request from an IP address within 114.115.1.0/24. The access is denied. Initiate an access request from an IP address outside 114.115.1.0/24. The access is allowed.</p>
 </div>
-<div class="section" id="obs_40_0036__section1983162754"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0036__p39523106515">To allow only a specified IP address to access the OBS bucket, set <strong id="obs_40_0036__b165714845102217">Condition Operator</strong> to <strong id="obs_40_0036__b698961474102217">NotIpAddress</strong> and specify the allowed IP address as the <strong id="obs_40_0036__b1257075104102217">Value</strong>.</p>
+<div class="section" id="obs_40_0036__section1983162754"><h4 class="sectiontitle">Related Scenarios</h4><ul id="obs_40_0036__ul11637161915157"><li id="obs_40_0036__li20637119161513">To allow only a specified IP address to access the OBS bucket, set <strong id="obs_40_0036__b114633711381">Condition Operator</strong> to <strong id="obs_40_0036__b74623716384">NotIpAddress</strong> and specify the allowed IP address as the <strong id="obs_40_0036__b164616378382">Value</strong>.</li></ul>
 </div>
 </div>
 <div>
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Configuration Cases in Typical Permission Control Scenarios</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0037.html b/docs/obs/perms-cfg/obs_40_0037.html
index 08b4ea34..bdb584a9 100644
--- a/docs/obs/perms-cfg/obs_40_0037.html
+++ b/docs/obs/perms-cfg/obs_40_0037.html
@@ -1,10 +1,10 @@
 <a name="obs_40_0037"></a><a name="obs_40_0037"></a>
 
 <h1 class="topictitle1">Granting Temporary Access to OBS</h1>
-<div id="body1597050561891"><div class="section" id="obs_40_0037__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0037__p3431154410448">This case describes how to use temporary access keys (temporary AK/SK and security token) to access OBS in temporary authorization mode.</p>
+<div id="body1597050561891"><div class="section" id="obs_40_0037__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0037__p3431154410448">This case describes how to use temporary access keys (temporary AK/SK and security token) to access OBS.</p>
 <p id="obs_40_0037__p1663009161912">Assume that you want to enable an IAM user (user name: APPServer) to access the APPClient folder in bucket <strong id="obs_40_0037__b166099288132">hi-company</strong> and apply for two different temporary access keys to distribute to APP-1 and APP-2. APP-1 can only access files in APPClient/APP-1. APP-2 can access only the files in APPClient/APP-2.</p>
 </div>
-<div class="section" id="obs_40_0037__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0037__ol170633855216"><li id="obs_40_0037__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0037__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0037__b1524342811413">Service List</strong> &gt; <strong id="obs_40_0037__b724310286417">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0037__b112433281644">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0037__li54221529115513"><span>Create an IAM user <strong id="obs_40_0037__b14273510475">APPServer</strong>. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/en-us_topic_0046611303.html" target="_blank" rel="noopener noreferrer">Creating a User</a>.</span></li><li id="obs_40_0037__li148774498186"><span>Create a user-defined policy that allows access to the AppClient folder in bucket hi-company.</span><p><ol type="a" id="obs_40_0037__ol294413212193"><li id="obs_40_0037__li1848615103345">In the navigation pane, choose <strong id="obs_40_0037__b8555846143312">Permissions</strong>.</li><li id="obs_40_0037__li1417104719219">Configure parameters for a custom policy.<div class="note" id="obs_40_0037__note16133193719131"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0037__p8133113741313">Before configuring an IAM policy, you need to understand what permissions are required. An IAM user only has the permissions defined by the policy. In this example, user <strong id="obs_40_0037__b99995311910740">APPServer</strong> only has full permissions on objects in the <strong id="obs_40_0037__b78713857610740">APPClient</strong> folder.</p>
+<div class="section" id="obs_40_0037__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0037__ol170633855216"><li id="obs_40_0037__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0037__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0037__b1524342811413">Service List</strong> &gt; <strong id="obs_40_0037__b724310286417">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0037__b112433281644">Identity and Access Management</strong>.</span></li><li id="obs_40_0037__li54221529115513"><span>Create an IAM user <strong id="obs_40_0037__b14273510475">APPServer</strong>. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/en-us_topic_0046611303.html" target="_blank" rel="noopener noreferrer">Creating an IAM User</a>.</span></li><li id="obs_40_0037__li148774498186"><span>Create a user-defined policy that allows access to the AppClient folder in bucket hi-company.</span><p><ol type="a" id="obs_40_0037__ol294413212193"><li id="obs_40_0037__li1848615103345">In the navigation pane, choose <strong id="obs_40_0037__b8555846143312">Permissions</strong>.</li><li id="obs_40_0037__li1417104719219">Configure parameters for a custom policy.<div class="note" id="obs_40_0037__note16133193719131"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0037__p8133113741313">Before configuring an IAM policy, you need to understand what permissions are required. An IAM user only has the permissions defined by the policy. In this example, user <strong id="obs_40_0037__b99995311910740">APPServer</strong> only has full permissions on objects in the <strong id="obs_40_0037__b78713857610740">APPClient</strong> folder.</p>
 </div></div>
 <div class="fignone" id="obs_40_0037__fig16929854596"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0037__image49301051598" src="en-us_image_0000001435988521.png"></span></div>
 
@@ -16,12 +16,12 @@
 </thead>
 <tbody><tr id="obs_40_0037__row17375102752819"><td class="cellrowborder" valign="top" width="21.54%" headers="mcps1.3.2.2.4.2.1.2.3.2.3.1.1 "><p id="obs_40_0037__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="78.46%" headers="mcps1.3.2.2.4.2.1.2.3.2.3.1.2 "><p id="obs_40_0037__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="78.46%" headers="mcps1.3.2.2.4.2.1.2.3.2.3.1.2 "><p id="obs_40_0037__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0037__row1937592712288"><td class="cellrowborder" valign="top" width="21.54%" headers="mcps1.3.2.2.4.2.1.2.3.2.3.1.1 "><p id="obs_40_0037__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="78.46%" headers="mcps1.3.2.2.4.2.1.2.3.2.3.1.2 "><p id="obs_40_0037__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0037__b107464561410740">JSON</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="78.46%" headers="mcps1.3.2.2.4.2.1.2.3.2.3.1.2 "><p id="obs_40_0037__p17375102714285">Select one based on your own habits. <strong id="obs_40_0037__b1682619311312">JSON</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0037__row133751227142812"><td class="cellrowborder" valign="top" width="21.54%" headers="mcps1.3.2.2.4.2.1.2.3.2.3.1.1 "><p id="obs_40_0037__p203751027172816">Policy Content</p>
@@ -50,11 +50,11 @@
 </tbody>
 </table>
 </div>
-</li><li id="obs_40_0037__li964374182211">Click <strong id="obs_40_0037__b15661312110740">OK</strong>. The custom policy is created.</li></ol>
-</p></li><li id="obs_40_0037__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0037__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0037__li12273529113919"><span>Add the IAM user (<strong id="obs_40_0037__b10471848145518">APPServer</strong>) you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0037__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0037__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</li><li id="obs_40_0037__li964374182211">Click <strong id="obs_40_0037__b15661312110740">OK</strong>.</li></ol>
+</p></li><li id="obs_40_0037__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0037__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0037__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user (APPServer) to the created user group</a>.</span><p><div class="note" id="obs_40_0037__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0037__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
-</p></li><li id="obs_40_0037__li753752717303"><span><span style="color:#3D3F43;">The IAM user (APPServer) obtains temporary access keys (temporary access keys and security token) for </span><strong style="color:#3D3F43;" id="obs_40_0037__b71217300354">APP-1</strong><span style="color:#3D3F43;"> and </span><strong style="color:#3D3F43;" id="obs_40_0037__b0972183116356">APP-2</strong><span style="color:#3D3F43;">.</span></span><p><p id="obs_40_0037__p13248204142615"><span style="color:#3D3F43;">To obtain temporary access keys with different permissions, you need to set a temporary policy by adding the policy parameter in the request body</span>. For details, see <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a><span style="color:#3D3F43;">.</span></p>
+</p></li><li id="obs_40_0037__li753752717303"><span>The IAM user (APPServer) obtains temporary access keys (temporary access keys and security token) for <strong id="obs_40_0037__b71217300354">APP-1</strong> and <strong id="obs_40_0037__b0972183116356">APP-2</strong>.</span><p><p id="obs_40_0037__p13248204142615">To obtain temporary access keys with different permissions, you need to set a temporary policy by adding the policy parameter in the request body. For details, see <a href="https://docs.otc.t-systems.com/en-us/api/iam/en-us_topic_0097949518.html" target="_blank" rel="noopener noreferrer">Obtaining a Temporary AK/SK</a>.</p>
 <p id="obs_40_0037__p1671713105813">The following is a sample request for obtaining a pair of temporary access keys. The temporary policy parameters are displayed in bold.</p>
 <p id="obs_40_0037__p181085211581"><strong id="obs_40_0037__b214707742410740">A sample request for obtaining a pair of temporary access keys for the device app </strong><strong id="obs_40_0037__b83903714510740">APP-1</strong><strong id="obs_40_0037__b28790197010740">:</strong></p>
 <pre class="screen" id="obs_40_0037__screen111122027581">{
@@ -119,7 +119,7 @@
 </div>
 <div>
 <div class="familylinks">
-<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Configuration Cases in Typical Permission Control Scenarios</a></div>
+<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
 </div>
 </div>
 
diff --git a/docs/obs/perms-cfg/obs_40_0039.html b/docs/obs/perms-cfg/obs_40_0039.html
index 1cdc93a8..870f6a61 100644
--- a/docs/obs/perms-cfg/obs_40_0039.html
+++ b/docs/obs/perms-cfg/obs_40_0039.html
@@ -8,17 +8,23 @@
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0039__row17882114844"><td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.1.1.3.1.1 "><p id="obs_40_0039__p988218141412">2023-02-16</p>
+<tbody><tr id="obs_40_0039__row1496314111094"><td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.1.1.3.1.1 "><p id="obs_40_0039__p16727416995">2024-07-23</p>
 </td>
-<td class="cellrowborder" valign="top" width="82%" headers="mcps1.3.1.1.3.1.2 "><p id="obs_40_0039__p176556119517">This is the second official release.</p>
+<td class="cellrowborder" valign="top" width="82%" headers="mcps1.3.1.1.3.1.2 "><p id="obs_40_0039__p1772711612914">This issue is the third official release.</p>
+<p id="obs_40_0039__p472710161693">This issue incorporates the following changes:</p>
+<ul id="obs_40_0039__ul67272167911"><li id="obs_40_0039__li57271161097">Updated description about <strong id="obs_40_0039__b31681448163112">Policy Content</strong> in <a href="obs_40_0023.html">Granting IAM User Groups Specific Permissions on Specific OBS Resources</a> and <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and the Resources in It</a>.</li></ul>
+</td>
+</tr>
+<tr id="obs_40_0039__row17882114844"><td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.1.1.3.1.1 "><p id="obs_40_0039__p988218141412">2023-02-16</p>
+</td>
+<td class="cellrowborder" valign="top" width="82%" headers="mcps1.3.1.1.3.1.2 "><p id="obs_40_0039__p176556119517">This issue is the second official release.</p>
 <p id="obs_40_0039__p7655131958">This issue incorporates the following changes:</p>
-<p id="obs_40_0039__p16323195717818">Updated the application scenario of access control with IAM permissions.</p>
-<p id="obs_40_0039__p19352886518">Updated the GUI screenshots and parameter descriptions about bucket policy creation.</p>
+<ul id="obs_40_0039__ul84436318472"><li id="obs_40_0039__li10443113110478">Updated the application scenario of access control with IAM permissions.</li><li id="obs_40_0039__li144431131194719">Updated the GUI screenshots and parameter descriptions about bucket policy creation.</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0039__row526245164"><td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.1.1.3.1.1 "><p id="obs_40_0039__p52617451866">2022-10-27</p>
 </td>
-<td class="cellrowborder" valign="top" width="82%" headers="mcps1.3.1.1.3.1.2 "><p id="obs_40_0039__p727184515610">This is the first official release.</p>
+<td class="cellrowborder" valign="top" width="82%" headers="mcps1.3.1.1.3.1.2 "><p id="obs_40_0039__p727184515610">This issue is the first official release.</p>
 </td>
 </tr>
 </tbody>
diff --git a/docs/obs/perms-cfg/obs_40_0041.html b/docs/obs/perms-cfg/obs_40_0041.html
index dab7724c..7dc1f83c 100644
--- a/docs/obs/perms-cfg/obs_40_0041.html
+++ b/docs/obs/perms-cfg/obs_40_0041.html
@@ -1,7 +1,7 @@
 <a name="obs_40_0041"></a><a name="obs_40_0041"></a>
 
 <h1 class="topictitle1">Bucket Policy Parameters</h1>
-<div id="body0000001132232227"><p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p6480821">A policy in JSON format is described as follows:</p>
+<div id="body0000001132232227"><p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p6480821">A bucket policy in JSON format:</p>
 <pre class="screen" id="obs_40_0041__en-us_topic_0118394684_screen1671243035119">{ 
 "Statement" : [{
      statement1
@@ -17,7 +17,7 @@
      "Sid": "ExampleStatementID1",
      "Principal": "*",
      "Effect": "Allow",   
-     "Action": "ListBucket",
+     "Action": ["ListBucket"],
      "Resource": "examplebucket",
      "Condition": "some conditions"
   },
@@ -25,7 +25,7 @@
      "Sid": "ExampleStatementID2",
      "Principal": "*",
      "Effect": "Allow",   
-     "Action": "PutObject",
+     "Action": ["PutObject"],
      "Resource": "examplebucket",
      "Condition": "some conditions"
   },
@@ -33,9 +33,9 @@
 ]
 }</pre>
 </div>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p26302712">A policy is comprised of one or more statements. Each statement contains the following elements:</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p26302712">A policy consists of one or more statements. Each statement contains the following elements:</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__en-us_topic_0118394684_table35397823" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Statement elements</caption><thead align="left"><tr id="obs_40_0041__en-us_topic_0118394684_row21716226"><th align="left" class="cellrowborder" valign="top" width="16.33%" id="mcps1.3.5.2.4.1.1"><p id="obs_40_0041__en-us_topic_0118394684_p14183880">Element</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__en-us_topic_0118394684_table35397823" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Elements of a bucket policy statement</caption><thead align="left"><tr id="obs_40_0041__en-us_topic_0118394684_row21716226"><th align="left" class="cellrowborder" valign="top" width="16.33%" id="mcps1.3.5.2.4.1.1"><p id="obs_40_0041__en-us_topic_0118394684_p14183880">Element</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="62.239999999999995%" id="mcps1.3.5.2.4.1.2"><p id="obs_40_0041__en-us_topic_0118394684_p5283556">Description</p>
 </th>
@@ -45,63 +45,63 @@
 </thead>
 <tbody><tr id="obs_40_0041__en-us_topic_0118394684_row66730779"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p36484039">Sid</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p2417216">ID of a statement. The value is a string that describes the statement.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p2417216">ID of the statement. The value is a string that describes the statement.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p61576813">Optional</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row17320411"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p60776050">Principal</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p23913009">Domains and users to which a statement applies. The wildcard (*) is supported, indicating all users. When permissions are authorized to all users under a domain, the format of <strong id="obs_40_0041__b1270895110351">Principal</strong> is <strong id="obs_40_0041__b1563416151391">domain/</strong><em id="obs_40_0041__i770855173518">domainid</em><strong id="obs_40_0041__b76352151395">:user/*</strong>. When permissions are authorized to a specific user under a domain, the format of <strong id="obs_40_0041__b1370955153513">Principal</strong> is <strong id="obs_40_0041__b1652552193913">domain/</strong><em id="obs_40_0041__i770919517355">domainid</em><strong id="obs_40_0041__b10131425133910">:user/</strong><em id="obs_40_0041__i3709145123513">userId</em> or <strong id="obs_40_0041__b111641281398">domain/</strong><em id="obs_40_0041__i10709151173519">domainid</em><strong id="obs_40_0041__b2206103093914">:user/</strong><em id="obs_40_0041__i13710851183518">userName</em>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p23913009">Domains and users that a statement applies to. The value can be a wildcard (*), indicating all users. To grant permissions to all users in a domain, set <strong id="obs_40_0041__b1270895110351">Principal</strong> to <strong id="obs_40_0041__b1563416151391">domain/</strong><em id="obs_40_0041__i770855173518">domainid</em><strong id="obs_40_0041__b76352151395">:user/*</strong>. To grant permissions to a specific user in a domain, set <strong id="obs_40_0041__b1370955153513">Principal</strong> to <strong id="obs_40_0041__b1652552193913">domain/</strong><em id="obs_40_0041__i770919517355">domainid</em><strong id="obs_40_0041__b10131425133910">:user/</strong><em id="obs_40_0041__i3709145123513">userId</em> or <strong id="obs_40_0041__b111641281398">domain/</strong><em id="obs_40_0041__i10709151173519">domainid</em><strong id="obs_40_0041__b2206103093914">:user/</strong><em id="obs_40_0041__i13710851183518">userName</em>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p1708187">Optional. Select either <strong id="obs_40_0041__b335344343417">Principal</strong> or <strong id="obs_40_0041__b123561543103416">NotPrincipal</strong>.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row15373683"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p37308772">NotPrincipal</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p2111686">An exception to a list of principals in the statement. You can deny access to all principals except the ones named in the <strong id="obs_40_0041__b27826465295">NotPrincipal</strong> element. This parameter has the same value format as <strong id="obs_40_0041__b93347353439">Principal</strong>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p2111686">Users that the statement does not apply to. Its value has the same format as <strong id="obs_40_0041__b93347353439">Principal</strong>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p36828864">Optional. Select either <strong id="obs_40_0041__b6701151211415">NotPrincipal</strong> or <strong id="obs_40_0041__b77011127142">Principal</strong>.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row63024326"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p4696792">Action</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p44895895">Actions which a statement applies to. This parameter specifies a set of all the operations supported by OBS. Its values are case insensitive. The value supports a wildcard character (*) that indicates all actions, for example, <strong id="obs_40_0041__b681719509239">"Action":["List*", "Get*"]</strong>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p44895895">Actions that the statement applies to. This parameter specifies a set of all the operations supported by OBS. Its values are case insensitive. The value can be a wildcard character (*) that indicates all operations. For example: <strong id="obs_40_0041__b1416574162611">"Action":["List*","Get*"]</strong>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p12688874">Optional. Select either <strong id="obs_40_0041__b269519307142">Action</strong> or <strong id="obs_40_0041__b769519302146">NotAction</strong>.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row47091007"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p56275212">NotAction</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p61998305">An exception to a list of actions in the statement. All actions are performed except the ones specified in <strong id="obs_40_0041__b11503178319">NotAction</strong>. This parameter has the same value format as <strong id="obs_40_0041__b1797817478236">Action</strong>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p61998305">Actions that are not controlled by this statement. Its value has the same format as <strong id="obs_40_0041__b1797817478236">Action</strong>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p55806823">Optional. Select either <strong id="obs_40_0041__b17677201132412">Action</strong> or <strong id="obs_40_0041__b20677141102420">NotAction</strong>.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row32499364"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p15202805">Effect</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p23467724">Whether the permission in a statement is allowed or denied. The value is <strong id="obs_40_0041__b173465263109">Allow</strong> or <strong id="obs_40_0041__b173112711106">Deny</strong>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p23467724">Whether the permission in a statement is <strong id="obs_40_0041__b173465263109">Allow</strong> or <strong id="obs_40_0041__b173112711106">Deny</strong>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p21837454">Mandatory</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row62319364"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p14703700">Resource</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p50149061">Resources on which the statement takes effect. The wildcard (*) is supported, indicating all resources.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p50149061">Resources that the statement will apply to. You can use a wildcard (*) to indicate all resources.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p35542142">Optional. Select either <strong id="obs_40_0041__b167101454142714">Resource</strong> or <strong id="obs_40_0041__b37161954132710">NotResource</strong>.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row51443830"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p6200687">NotResource</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p32493637">An exception to a list of resources in a statement. A policy is not applied to the resources specified in <strong id="obs_40_0041__b1583465593316">NotResource</strong>. This parameter has the same value format as <strong id="obs_40_0041__b186015872818">Resource</strong>.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p32493637">Resources that the statement will not apply to. Its value has the same format as <strong id="obs_40_0041__b186015872818">Resource</strong>.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p14738911">Optional. Select either <strong id="obs_40_0041__b151601317289">Resource</strong> or <strong id="obs_40_0041__b416014318283">NotResource</strong>.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row65541337"><td class="cellrowborder" valign="top" width="16.33%" headers="mcps1.3.5.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p7248085">Condition</p>
 </td>
-<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p50224009">Conditions for a statement to take effect.</p>
+<td class="cellrowborder" valign="top" width="62.239999999999995%" headers="mcps1.3.5.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p50224009">Conditions for the statement to take effect.</p>
 </td>
 <td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.5.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p41612958">Optional</p>
 </td>
@@ -109,16 +109,16 @@
 </tbody>
 </table>
 </div>
-<div class="note" id="obs_40_0041__en-us_topic_0118394684_note38972308"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="obs_40_0041__en-us_topic_0118394684_p15206460">A statement must contain either <strong id="obs_40_0041__b6244131833513">Action</strong> or <strong id="obs_40_0041__b102503182359">NotAction</strong>, either <strong id="obs_40_0041__b525031893518">Resource</strong> or <strong id="obs_40_0041__b112515185357">NotResource</strong>, and either <strong id="obs_40_0041__b172517184354">Principal</strong> or <strong id="obs_40_0041__b14251118103512">NotPrincipal</strong>.</p>
+<div class="note" id="obs_40_0041__en-us_topic_0118394684_note38972308"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="obs_40_0041__en-us_topic_0118394684_p15206460">A statement must contain <strong id="obs_40_0041__b6244131833513">Action</strong> or <strong id="obs_40_0041__b102503182359">NotAction</strong>, <strong id="obs_40_0041__b525031893518">Resource</strong> or <strong id="obs_40_0041__b112515185357">NotResource</strong>, and <strong id="obs_40_0041__b172517184354">Principal</strong> or <strong id="obs_40_0041__b14251118103512">NotPrincipal</strong>.</p>
 </div></div>
-<div class="section" id="obs_40_0041__en-us_topic_0118394684_section5503115113418"><h4 class="sectiontitle">Principal/NotPrincipal</h4><p id="obs_40_0041__en-us_topic_0118394684_p1896975443412"><strong id="obs_40_0041__b773733315359">Principal</strong> or <strong id="obs_40_0041__b19738233153516">NotPrincipal</strong> supported by OBS includes anonymous users, specific tenants, specific users, federated users, and agencies.</p>
+<div class="section" id="obs_40_0041__en-us_topic_0118394684_section5503115113418"><h4 class="sectiontitle">Principal/NotPrincipal</h4><p id="obs_40_0041__en-us_topic_0118394684_p1896975443412"><strong id="obs_40_0041__b773733315359">Principal</strong> or <strong id="obs_40_0041__b19738233153516">NotPrincipal</strong> can be anonymous users, specific tenants, specific users, federated users, or agencies.</p>
 </div>
 <ul id="obs_40_0041__en-us_topic_0118394684_ul11997279325"><li id="obs_40_0041__en-us_topic_0118394684_li919914277321">All (anonymous users)<pre class="screen" id="obs_40_0041__en-us_topic_0118394684_screen11878413">"Principal": {"ID": "*"}</pre>
-<p id="obs_40_0041__en-us_topic_0118394684_p02001827163219">In the example, the wildcard (*) is used as a placeholder for Everyone/Anonymous. We strongly recommend that you do not use wildcards in the <strong id="obs_40_0041__b73498579379">Principal</strong> element of the role's trust policy unless you have restricted access by using the <strong id="obs_40_0041__b8355165716373">Condition</strong> element in the policy.</p>
+<p id="obs_40_0041__en-us_topic_0118394684_p02001827163219">In the example, the wildcard (*) indicates Everyone/Anonymous. Do not use the wildcard for <strong id="obs_40_0041__b73498579379">Principal</strong> of the role's trust policy unless you have restricted access by using the <strong id="obs_40_0041__b8355165716373">Condition</strong> element in the policy.</p>
 </li></ul>
-<ul id="obs_40_0041__en-us_topic_0118394684_ul18200162773217"><li id="obs_40_0041__en-us_topic_0118394684_li15200162713322">Specific tenants<p id="obs_40_0041__en-us_topic_0118394684_p112007279329"><a name="obs_40_0041__en-us_topic_0118394684_li15200162713322"></a><a name="en-us_topic_0118394684_li15200162713322"></a>If the tenant identifier is used as the authorizer in the policy, permissions in the policy statement can be granted to all roles, including all the users, contained in this tenant. The following example demonstrates how to specify a tenant as an authorizer.</p>
+<ul id="obs_40_0041__en-us_topic_0118394684_ul18200162773217"><li id="obs_40_0041__en-us_topic_0118394684_li15200162713322">Specific tenants<p id="obs_40_0041__en-us_topic_0118394684_p112007279329"><a name="obs_40_0041__en-us_topic_0118394684_li15200162713322"></a><a name="en-us_topic_0118394684_li15200162713322"></a>If a tenant identifier is used as the <strong id="obs_40_0041__b125241872614">Principal</strong> of a policy, permissions are granted to all users of this tenant. This includes all subscribers under the account. The following example demonstrates how to specify an account as an authorized person.</p>
 <pre class="screen" id="obs_40_0041__en-us_topic_0118394684_screen19670056163418">"Principal": { "ID": " domain/domainIdxxxx:user/*" }</pre>
-<p id="obs_40_0041__en-us_topic_0118394684_p17200132793218">You can grant permissions to multiple tenants, as described in the following example:</p>
+<p id="obs_40_0041__en-us_topic_0118394684_p17200132793218">You can also grant permissions to multiple tenants at a time:</p>
 <pre class="screen" id="obs_40_0041__en-us_topic_0118394684_screen11252153883617">"Principal": { 
   "ID": [
     "domain/domainIDxx1:user/useridxxxx",
@@ -126,7 +126,7 @@
   ]
 }</pre>
 </li></ul>
-<ul id="obs_40_0041__en-us_topic_0118394684_ul8201027193218"><li id="obs_40_0041__en-us_topic_0118394684_li12013277323">Specific users<p id="obs_40_0041__en-us_topic_0118394684_p7201927173212"><a name="obs_40_0041__en-us_topic_0118394684_li12013277323"></a><a name="en-us_topic_0118394684_li12013277323"></a>In the <strong id="obs_40_0041__b99361919144513">Principal</strong> element, user names are case sensitive.</p>
+<ul id="obs_40_0041__en-us_topic_0118394684_ul8201027193218"><li id="obs_40_0041__en-us_topic_0118394684_li12013277323">Specific users<p id="obs_40_0041__en-us_topic_0118394684_p7201927173212"><a name="obs_40_0041__en-us_topic_0118394684_li12013277323"></a><a name="en-us_topic_0118394684_li12013277323"></a>User names in the <strong id="obs_40_0041__b99361919144513">Principal</strong> element are case-sensitive.</p>
 <pre class="screen" id="obs_40_0041__en-us_topic_0118394684_screen7831174053613">"Principal": {"ID": "domain/domainIDxxx:user/user-name" }
 "Principal": {
   "ID": [
@@ -141,25 +141,25 @@
 "Principal": { "ID": "domain/domainIDxxx:agency/*" }</pre>
 </div>
 </li></ul>
-<p id="obs_40_0041__p84772255592">The principals on OBS Console refer to the users which the bucket policies apply to. These users can be accounts, federated users or federated user groups, and IAM users. You can specify principals in either of the following ways:</p>
-<ul id="obs_40_0041__ul108801826115212"><li id="obs_40_0041__li7880926165213"><strong id="obs_40_0041__b11724113010289">Include</strong>: Specifies the users to whom the bucket policy applies.</li><li id="obs_40_0041__li1488092635210"><strong id="obs_40_0041__b186651437523">Exclude</strong>: Specifies that to all users except the specified ones the bucket policy applies.</li></ul>
+<p id="obs_40_0041__p84772255592">The principals on OBS Console refer to the users that the bucket policies apply to. These users can be accounts, federated users or federated user groups, or IAM users. You can specify the principals to include or exclude.</p>
+<ul id="obs_40_0041__ul108801826115212"><li id="obs_40_0041__li7880926165213"><strong id="obs_40_0041__b8689157194718">Include</strong>: The policy applies to specified users.</li><li id="obs_40_0041__li1488092635210"><strong id="obs_40_0041__b15966548194719">Exclude</strong>: The policy applies to users except the specified ones.</li></ul>
 <p id="obs_40_0041__p13981044541"><strong id="obs_40_0041__b15754250115719">Specifying IAM users under the current account</strong></p>
-<p id="obs_40_0041__p180315561844">With <strong id="obs_40_0041__b195153119474">Principal</strong> set to <strong id="obs_40_0041__b1751611114478">Current account</strong>, you can select one or more IAM users under this account, so the bucket policy applies to the selected IAM users.</p>
+<p id="obs_40_0041__p180315561844">You can set <strong id="obs_40_0041__b195153119474">Principal</strong> to <strong id="obs_40_0041__b1751611114478">Current account</strong> and select one or more IAM users under this account, so that the bucket policy applies to the selected IAM users.</p>
 <p id="obs_40_0041__p12891650154713"><strong id="obs_40_0041__b95775202518">Specifying another account</strong></p>
-<p id="obs_40_0041__p69291443104715">With <strong id="obs_40_0041__b4886225184814">Principal</strong> set to <strong id="obs_40_0041__b2887162584819">Other account</strong>, you can enter an account ID. If you want to grant access only to IAM users under the account, you need to enter user IDs, and use commas (,) to separate one user ID from another.</p>
-<div class="note" id="obs_40_0041__note81331511189"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0041__p18133185201812">To obtain the account ID and user ID, log in to the console as an IAM user and go to the <strong id="obs_40_0041__b46913501486">My Credentials</strong> page.</p>
+<p id="obs_40_0041__p69291443104715">You can set <strong id="obs_40_0041__b4886225184814">Principal</strong> to <strong id="obs_40_0041__b2887162584819">Other account</strong>, enter an account ID, and then enter one or more user IDs to apply the bucket policy to only the IAM users under that account. You need to use commas (,) to separate user IDs.</p>
+<div class="note" id="obs_40_0041__note81331511189"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0041__p18133185201812">To obtain the account ID and user ID, log in to the console as an IAM user and go to the <strong id="obs_40_0041__b46913501486">My Credentials</strong> page to obtain them.</p>
 </div></div>
-<p id="obs_40_0041__p13685381141"><strong id="obs_40_0041__b419212311060">Specifying anonymous users</strong></p>
-<p id="obs_40_0041__p2088114267528">To grant the bucket access to anyone, set <strong id="obs_40_0041__b12271754661">Principal</strong> to <strong id="obs_40_0041__b6345542618">Other account</strong> and enter a wildcard (*) as the account ID.</p>
-<div class="notice" id="obs_40_0041__note198214105314"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="obs_40_0041__p149831448536">Exercise caution when granting bucket access permissions to anonymous users. If you grant the access permissions to anonymous users, anyone can access your bucket. You are advised to set restrictions on access requests. For example, you can allow the access requests from only one IP address.</p>
+<p id="obs_40_0041__p13685381141"><strong id="obs_40_0041__b1425214111519">Specifying </strong><strong id="obs_40_0041__b92521211952">anonymous users</strong><strong id="obs_40_0041__b1025211858"></strong></p>
+<p id="obs_40_0041__p2088114267528">To grant access to anyone, set <strong id="obs_40_0041__b12271754661">Principal</strong> to <strong id="obs_40_0041__b6345542618">Other account</strong> and enter a wildcard (*) as the account ID.</p>
+<div class="notice" id="obs_40_0041__note198214105314"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="obs_40_0041__p149831448536">Exercise caution when granting permissions to anonymous users. If you grant the permissions to anonymous users, anyone can access your bucket. You are advised to restrict access requests. For example, you can allow access only from a specific IP address.</p>
 </div></div>
-<div class="section" id="obs_40_0041__en-us_topic_0118394684_section1623516525350"><a name="obs_40_0041__en-us_topic_0118394684_section1623516525350"></a><a name="en-us_topic_0118394684_section1623516525350"></a><h4 class="sectiontitle">Action/NotAction</h4><p id="obs_40_0041__p205313416552">If a policy applies to a bucket, configure bucket-related actions; if the policy applies to the objects in a bucket, configure object-related actions.</p>
+<div class="section" id="obs_40_0041__en-us_topic_0118394684_section1623516525350"><a name="obs_40_0041__en-us_topic_0118394684_section1623516525350"></a><a name="en-us_topic_0118394684_section1623516525350"></a><h4 class="sectiontitle">Action/NotAction</h4><p id="obs_40_0041__p205313416552">If a policy applies to a bucket, configure bucket-related actions. If the policy applies to the objects in a bucket, configure object-related actions.</p>
 <p id="obs_40_0041__p77695354145">Actions can be specified in either of the following ways:</p>
-<ul id="obs_40_0041__ul108291819152819"><li id="obs_40_0041__li100102451519"><strong id="obs_40_0041__b1260710264507">Include</strong>: Specifies the actions on which the bucket policy takes effect.</li><li id="obs_40_0041__li12829619172810"><strong id="obs_40_0041__b20170104405015">Exclude</strong>: Specifies that on all actions except the specified ones the bucket policy takes effect.</li></ul>
+<ul id="obs_40_0041__ul108291819152819"><li id="obs_40_0041__li100102451519"><strong id="obs_40_0041__b375145299">Include</strong>: The bucket policy applies to specified actions.</li><li id="obs_40_0041__li12829619172810"><strong id="obs_40_0041__b93501416142911">Exclude</strong>: The bucket policy applies to actions except the specified ones.</li></ul>
 </div>
 <p id="obs_40_0041__p2166204972813"><strong id="obs_40_0041__b7865849122419">Bucket Actions</strong></p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table13827194016555" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Action description</caption><thead align="left"><tr id="obs_40_0041__row85334118557"><th align="left" class="cellrowborder" valign="top" width="16.16%" id="mcps1.3.24.2.4.1.1"><p id="obs_40_0041__p195334120552">Type</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table13827194016555" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Description of bucket-related actions</caption><thead align="left"><tr id="obs_40_0041__row85334118557"><th align="left" class="cellrowborder" valign="top" width="16.16%" id="mcps1.3.24.2.4.1.1"><p id="obs_40_0041__p195334120552">Type</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="30.220000000000002%" id="mcps1.3.24.2.4.1.2"><p id="obs_40_0041__p175354120557">Value</p>
 </th>
@@ -171,22 +171,22 @@
 </td>
 <td class="cellrowborder" valign="top" width="30.220000000000002%" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p453174113553">*</p>
 </td>
-<td class="cellrowborder" valign="top" width="53.620000000000005%" headers="mcps1.3.24.2.4.1.3 "><p id="obs_40_0041__p135334117553">Indicates that all operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" width="53.620000000000005%" headers="mcps1.3.24.2.4.1.3 "><p id="obs_40_0041__p135334117553">Indicates all actions on a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row1453124118553"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p15334135514">Get*</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p1153041155513">Indicates that all GET operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p1153041155513">Indicates all GET actions on a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row55304185517"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p1553124165517">Put*</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p13535414553">Indicates that all PUT operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p13535414553">Indicates all PUT actions on a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row1053184119554"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p853741105510">List*</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p653441185516">Indicates that all LIST operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p653441185516">Indicates all LIST actions on a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row1746441913813"><td class="cellrowborder" rowspan="19" valign="top" width="16.16%" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p15464419123810">Bucket</p>
@@ -203,7 +203,7 @@
 </tr>
 <tr id="obs_40_0041__row1154041115519"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p9541741175510">ListBucket</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p1154134112551">Lists objects in a bucket, and gets the bucket metadata.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p1154134112551">Lists objects in a bucket, and obtains the bucket metadata.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row95474110559"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p20541041185513">ListBucketVersions</p>
@@ -218,12 +218,12 @@
 </tr>
 <tr id="obs_40_0041__row3541541155515"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p45474113559">GetBucketAcl</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p1545412557">Gets the bucket ACL information.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p1545412557">Gets the ACL information of a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row1541541125517"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p1854144125519">PutBucketAcl</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p185424175514">Configures a bucket ACL.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p185424175514">Configures ACL for a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row19548412556"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p17546419559">GetBucketCORS</p>
@@ -238,7 +238,7 @@
 </tr>
 <tr id="obs_40_0041__row18541541155513"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p35424175510">GetBucketVersioning</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p25694120558">Gets the bucket versioning information.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p25694120558">Gets the versioning information of a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row1556124110550"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p256114114557">PutBucketVersioning</p>
@@ -248,12 +248,12 @@
 </tr>
 <tr id="obs_40_0041__row1956174175518"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p105616414553">GetBucketLocation</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p65684195517">Gets the bucket location.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p65684195517">Gets the location of a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row65694112559"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p19567419551">GetBucketLogging</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p20561941195520">Gets the bucket logging information.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p20561941195520">Gets the logs of a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row25624135520"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p8576412557">PutBucketLogging</p>
@@ -263,7 +263,7 @@
 </tr>
 <tr id="obs_40_0041__row1457341125512"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p125714418556">GetBucketWebsite</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p145710418554">Obtains the static website configuration information of a bucket.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p145710418554">Obtains the static website configuration of a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row135744120554"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p957184112553">PutBucketWebsite</p>
@@ -273,7 +273,7 @@
 </tr>
 <tr id="obs_40_0041__row8571941185515"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p757164111551">DeleteBucketWebsite</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p11573417559">Cancels the static website hosting of a bucket.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.2 "><p id="obs_40_0041__p11573417559">Cancels static website hosting for a bucket.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row165719411553"><td class="cellrowborder" valign="top" headers="mcps1.3.24.2.4.1.1 "><p id="obs_40_0041__p1357104117554">GetLifecycleConfiguration</p>
@@ -291,7 +291,7 @@
 </div>
 <p id="obs_40_0041__p127181542914"><strong id="obs_40_0041__b1475811413240">Object Actions</strong></p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table1020518423242" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Action description</caption><thead align="left"><tr id="obs_40_0041__row1620644218243"><th align="left" class="cellrowborder" valign="top" width="16.16%" id="mcps1.3.26.2.4.1.1"><p id="obs_40_0041__p120612421243">Type</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table1020518423242" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Description of object-related actions</caption><thead align="left"><tr id="obs_40_0041__row1620644218243"><th align="left" class="cellrowborder" valign="top" width="16.16%" id="mcps1.3.26.2.4.1.1"><p id="obs_40_0041__p120612421243">Type</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="30.3%" id="mcps1.3.26.2.4.1.2"><p id="obs_40_0041__p1920614217245">Value</p>
 </th>
@@ -303,22 +303,22 @@
 </td>
 <td class="cellrowborder" valign="top" width="30.3%" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p17206342142415">*</p>
 </td>
-<td class="cellrowborder" valign="top" width="53.54%" headers="mcps1.3.26.2.4.1.3 "><p id="obs_40_0041__p320664292412">Indicates that all operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" width="53.54%" headers="mcps1.3.26.2.4.1.3 "><p id="obs_40_0041__p320664292412">Indicates all actions on an object.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row620624218240"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p1720611423245">Get*</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p1320617422244">Indicates that all GET operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p1320617422244">Indicates all GET actions on an object.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row1220634216241"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p7206134202415">Put*</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p620616420248">Indicates that all PUT operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p620616420248">Indicates all PUT actions on an object.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row5206164262415"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p19206144252410">List*</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p152061042112416">Indicates that all LIST operations can be performed on a resource.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p152061042112416">Indicates all LIST actions on an object.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row13206342192416"><td class="cellrowborder" rowspan="11" valign="top" width="16.16%" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p9206144211241">Object</p>
@@ -340,7 +340,7 @@
 </tr>
 <tr id="obs_40_0041__row3207144232415"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p132071542162416">GetObjectAcl</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p120704242415">Gets the object ACL information.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p120704242415">Gets the ACL information of an object.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row3207144272419"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p8207194212243">GetObjectVersionAcl</p>
@@ -350,12 +350,12 @@
 </tr>
 <tr id="obs_40_0041__row202072042172419"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p52071642162419">PutObjectAcl</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p420704222419">Configures the ACL for an object.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p420704222419">Configures ACL for an object.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row720715423242"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p12071942182413">PutObjectVersionAcl</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p120744282411">Configures the ACL for a specified object version.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.2 "><p id="obs_40_0041__p120744282411">Configures ACL for a specified object version.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__row1120704216242"><td class="cellrowborder" valign="top" headers="mcps1.3.26.2.4.1.1 "><p id="obs_40_0041__p520716423242">DeleteObject</p>
@@ -383,8 +383,8 @@
 </div>
 <div class="section" id="obs_40_0041__en-us_topic_0118394684_section12213204018369"><h4 class="sectiontitle">Resource/NotResource</h4><p id="obs_40_0041__p20757629185113">The resources supported by OBS are as follows:</p>
 </div>
-<ul id="obs_40_0041__en-us_topic_0118394684_ul093644813162"><li class="msonormal" id="obs_40_0041__en-us_topic_0118394684_li13934114841610"><em id="obs_40_0041__i178819184217">bucketname</em> (bucket operation): The <strong id="obs_40_0041__b1188814116424">Action</strong> drop-down list box contains the list of supported bucket actions. If you want to perform the listed operations on the bucket, set <strong id="obs_40_0041__b1588819112423">Resource</strong> to the bucket name.</li><li class="msonormal" id="obs_40_0041__en-us_topic_0118394684_li1093617484167"><em id="obs_40_0041__i6656162713427">bucketname/objectname</em> (object operation): The <strong id="obs_40_0041__b7663172716424">Action</strong> drop-down list box contains the list of supported object actions. If you want to respond to an object in a bucket, set <strong id="obs_40_0041__b116641027164217">Resource</strong> to <em id="obs_40_0041__i1366516271427">bucketname/objectname</em>. <strong id="obs_40_0041__b4119394440">objectname</strong> supports wildcards. For example, if you have permissions on the directory object in a bucket, set <strong id="obs_40_0041__b511917913442">Resource</strong> to <em id="obs_40_0041__i1797874424411">"bucketname/directory/*"</em>. If you have permissions on all the objects in a bucket, set <strong id="obs_40_0041__b16120119114414">Resource</strong> to <em id="obs_40_0041__i532652617454">"bucketname/*"</em>. If permissions for both a bucket and its objects need to be granted, set <strong id="obs_40_0041__b1312115910448">Resource</strong> to <strong id="obs_40_0041__b91216915445">["examplebucket/*","examplebucket"]</strong>.</li></ul>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p28339309">The following example policy grants all operation permissions on <strong id="obs_40_0041__b17194943114214">examplebucket</strong> (including the bucket and its objects) to user1 whose user ID is <strong id="obs_40_0041__b172018439425">71f3901173514e6988115ea2c26d1999</strong> under account <strong id="obs_40_0041__b420264324211">b4bf1b36d9ca43d984fbcb9491b6fce9</strong> (account ID). </p>
+<ul id="obs_40_0041__en-us_topic_0118394684_ul093644813162"><li class="msonormal" id="obs_40_0041__en-us_topic_0118394684_li13934114841610"><em id="obs_40_0041__i178819184217">bucketname</em>: The <strong id="obs_40_0041__b1188814116424">Action</strong> drop-down list box lists all actions allowed on a bucket. To allow an action on a bucket, set <strong id="obs_40_0041__b1588819112423">Resource</strong> to the bucket name.</li><li class="msonormal" id="obs_40_0041__en-us_topic_0118394684_li1093617484167"><em id="obs_40_0041__i6656162713427">bucketname/objectname</em>: The <strong id="obs_40_0041__b7663172716424">Action</strong> drop-down list box lists all actions allowed on an object. To allow an action on an object in a bucket, set <strong id="obs_40_0041__b116641027164217">Resource</strong> to <em id="obs_40_0041__i1366516271427">bucketname/objectname</em>. You can use a wildcard for <strong id="obs_40_0041__b4119394440">objectname</strong> to allow an action on all objects in the bucket. For example, if you want to allow an action on all objects in a directory of a bucket, set <strong id="obs_40_0041__b511917913442">Resource</strong> to <em id="obs_40_0041__i1797874424411">"bucketname/directory/*"</em>. If you have permissions on all the objects in a bucket, set <strong id="obs_40_0041__b16120119114414">Resource</strong> to <em id="obs_40_0041__i532652617454">"bucketname/*"</em>. If you want to allow an action on both a bucket and its objects, set <strong id="obs_40_0041__b1312115910448">Resource</strong> to <strong id="obs_40_0041__b91216915445">["examplebucket/*","examplebucket"]</strong>.</li></ul>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p28339309">The following example policy grants the permissions to allow user1 with the ID of <strong id="obs_40_0041__b172018439425">71f3901173514e6988115ea2c26d1999</strong> under account <strong id="obs_40_0041__b420264324211">b4bf1b36d9ca43d984fbcb9491b6fce9</strong> (account ID) to take all actions on the <strong id="obs_40_0041__b17194943114214">examplebucket</strong> bucket and all objects in it.</p>
 <pre class="screen" id="obs_40_0041__en-us_topic_0118394684_screen137871136173612">{ 
     "Statement":[ 
     { 
@@ -396,25 +396,25 @@
     } 
   ] 
 }</pre>
-<p id="obs_40_0041__p27361558140">On OBS Console, resources can be a bucket or objects in the bucket.</p>
-<p id="obs_40_0041__p3201152310539">Resources can be specified in either of the following ways:</p>
-<ul id="obs_40_0041__ul18201323125311"><li id="obs_40_0041__li1620132355317"><strong id="obs_40_0041__b2172171711917">Include</strong>: Specifies the OBS resources on which the bucket policy takes effect.</li><li id="obs_40_0041__li152011423195316"><strong id="obs_40_0041__b145660221899">Exclude</strong>: Specifies that on all OBS resources except the specified ones the bucket policy takes effect.</li></ul>
-<p id="obs_40_0041__p4748115711511"><strong id="obs_40_0041__b1421592619112">Specifying the bucket as the resource</strong></p>
-<p id="obs_40_0041__p7692111610414">To specify the current bucket as the resource, keep the resource text box empty. When configuring actions for the policy, select bucket related actions.</p>
-<p id="obs_40_0041__p1858224595420"><strong id="obs_40_0041__b1211925451115">Specifying objects as the resources</strong></p>
-<p id="obs_40_0041__p1020118236532">When objects in a bucket are specified as the resources, configure object-related actions in the bucket policy. The following are examples of how to specify objects as resources.</p>
-<ul id="obs_40_0041__ul1620119232537"><li id="obs_40_0041__li72011823155312">For an object, enter the object name (including its folder name if any). For example, if the specified resource is the <strong id="obs_40_0041__b0225719165314">example.jpg</strong> file in the <strong id="obs_40_0041__b112321919185319">imgs-folder</strong> folder in the bucket, enter the following content in the resource text box:<p id="obs_40_0041__p182671834115620"><strong id="obs_40_0041__b11371825121318">imgs-folder/example.jpg</strong></p>
-</li><li id="obs_40_0041__li8201623115313">For an object set, the wildcard asterisk (*) should be used. The asterisk (*) indicates an empty string or any combination of multiple characters. The format rules are as follows:<ul id="obs_40_0041__ul15201192315537"><li id="obs_40_0041__li1220282315531">Use only one asterisk (*) to indicate all objects in a bucket.</li><li id="obs_40_0041__li52024233535">Use <em id="obs_40_0041__i1072152911147">Object name prefix</em>* to indicate objects starting with this prefix in a bucket. Example:<p id="obs_40_0041__p148641724165711">imgs*</p>
+<p id="obs_40_0041__p27361558140">On OBS Console, you can apply a bucket policy to the following resources: the current bucket, and all objects in a bucket.</p>
+<p id="obs_40_0041__p3201152310539">You can specify the resources to include or exclude:</p>
+<ul id="obs_40_0041__ul18201323125311"><li id="obs_40_0041__li1620132355317"><strong id="obs_40_0041__b16499151914457">Include</strong>: The bucket policy applies to specified OBS resources.</li><li id="obs_40_0041__li31631932182413"><strong id="obs_40_0041__b59251524104514">Exclude</strong>: The bucket policy applies to OBS resources except the specified ones.</li></ul>
+<p id="obs_40_0041__p4748115711511"><strong id="obs_40_0041__b1421592619112">Applying a bucket policy to a bucket</strong></p>
+<p id="obs_40_0041__p7692111610414">To apply a bucket policy to the current bucket, keep the resource text box empty. When configuring actions for the policy, select bucket related actions.</p>
+<p id="obs_40_0041__p1858224595420"><strong id="obs_40_0041__b1211925451115">Applying a bucket policy to specified objects</strong></p>
+<p id="obs_40_0041__p1020118236532">To apply a bucket policy to specified objects in a bucket, object-related actions must be configured in the policy. </p>
+<ul id="obs_40_0041__ul1620119232537"><li id="obs_40_0041__li72011823155312">For an object, enter the object name (including its folder name if any). For example, if the resource is the <strong id="obs_40_0041__b0225719165314">example.jpg</strong> file in the <strong id="obs_40_0041__b112321919185319">imgs-folder</strong> folder in the bucket, enter the following in the resource text box:<p id="obs_40_0041__p182671834115620"><strong id="obs_40_0041__b11371825121318">imgs-folder/example.jpg</strong></p>
+</li><li id="obs_40_0041__li8201623115313">For an object set, use the wildcard asterisk (*). The asterisk (*) indicates an empty string or any combination of characters.<ul id="obs_40_0041__ul15201192315537"><li id="obs_40_0041__li1220282315531">Use only one asterisk (*) to indicate all objects in a bucket.</li><li id="obs_40_0041__li52024233535">Use <em id="obs_40_0041__i1072152911147">Object name prefix</em>* to indicate objects with this prefix in a bucket. Example:<p id="obs_40_0041__p148641724165711">imgs*</p>
 </li></ul>
-<ul id="obs_40_0041__ul1520213232535"><li id="obs_40_0041__li7202112335317">Use *<em id="obs_40_0041__i373552281518">Object name suffix</em> to indicate objects ending with this suffix in a bucket. Example:<p id="obs_40_0041__p19330184135712">*.jpg</p>
+<ul id="obs_40_0041__ul1520213232535"><li id="obs_40_0041__li7202112335317">Use *<em id="obs_40_0041__i373552281518">Object name suffix</em> to indicate objects with this suffix in a bucket. Example:<p id="obs_40_0041__p19330184135712">*.jpg</p>
 </li></ul>
 </li></ul>
 <div class="note" id="obs_40_0041__note1484124911416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0041__p11485104918419">Use commas (,) to separate one object (or object set) from another.</p>
 </div></div>
-<div class="section" id="obs_40_0041__en-us_topic_0118394684_section14714311143713"><h4 class="sectiontitle">Condition</h4><p id="obs_40_0041__p175010131315">In addition to the effect, principal, resources, and actions, you can also specify the conditions under which a bucket policy takes effect. The bucket policy takes effect only when its condition expressions match values contained in the request. Conditions are optional. You can choose whether to configure them.</p>
-<p id="obs_40_0041__p192962645715">For example, if account A needs to have full control over an object uploaded by account B to bucket <strong id="obs_40_0041__b2620845181819">example</strong> of account A, the <strong id="obs_40_0041__b156201545111820">x-obs-acl</strong> key must be specified in the upload request and the policy effect must be set to <strong id="obs_40_0041__b56209452185">Allow</strong> for account A. The complete condition expression is as follows:</p>
+<div class="section" id="obs_40_0041__en-us_topic_0118394684_section14714311143713"><h4 class="sectiontitle">Condition</h4><p id="obs_40_0041__p175010131315">In addition to the effect, principals, resources, and actions, you can also specify the conditions for a bucket policy to take effect. The bucket policy is applied only when its condition expressions match the values contained in the request. Conditions are optional. You can choose whether to configure them.</p>
+<p id="obs_40_0041__p192962645715">For example, if account A needs to have full control over an object uploaded by account B to bucket <strong id="obs_40_0041__b370165272420">example</strong> of account A, the <strong id="obs_40_0041__b87085213247">x-obs-acl</strong> key must be specified in the upload request and the policy effect must be set to <strong id="obs_40_0041__b0701752182411">Allow</strong> for account A. The complete condition expression is as follows:</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table4665122635716" frame="border" border="1" rules="all"><thead align="left"><tr id="obs_40_0041__row18929192605713"><th align="left" class="cellrowborder" valign="top" width="26.529999999999998%" id="mcps1.3.40.4.1.4.1.1"><p id="obs_40_0041__p1692982625718">Conditional Operator</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table4665122635716" frame="border" border="1" rules="all"><thead align="left"><tr id="obs_40_0041__row18929192605713"><th align="left" class="cellrowborder" valign="top" width="26.529999999999998%" id="mcps1.3.40.4.1.4.1.1"><p id="obs_40_0041__p1692982625718">Condition Operator</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="35.709999999999994%" id="mcps1.3.40.4.1.4.1.2"><p id="obs_40_0041__p1192982612571">Key</p>
 </th>
@@ -432,22 +432,23 @@
 </tbody>
 </table>
 </div>
-<p id="obs_40_0041__p2093052665712">A condition consists of three parts: conditional operator, key, and value. If there are multiple identical keys in the same conditional operator, only the last key is retained. Conditional operators and keys are mutually restricted:</p>
-<ul id="obs_40_0041__ul2928191410501"><li id="obs_40_0041__li9928101465017">If you select a conditional operator of the string type, for example, <strong id="obs_40_0041__b660422315264">StringEquals</strong>, the key can only be of the string type, for example, <strong id="obs_40_0041__b96048233266">UserAgent</strong>.</li><li id="obs_40_0041__li916352425717">Likewise, if a key of the date type is selected, for example, <strong id="obs_40_0041__b1099219434321">CurrentTime</strong>, the conditional operator can only be of the date type, for example, <strong id="obs_40_0041__b1199314318327">DateEquals</strong>.</li></ul>
-<p id="obs_40_0041__p91971956124516"><a href="#obs_40_0041__en-us_topic_0118394684_table18965458">Table 4</a> lists the general condition types that you can specify.</p>
+<p id="obs_40_0041__p7700134281412">A condition consists of condition operator, key, and value. If there are multiple identical keys in the same condition operator, only the last key is retained. Condition operators and keys are correlated. If you select a string type, for example, <strong id="obs_40_0041__b137401538165220">StringEquals</strong>, for a condition operator, the key can only be a string type, for example, <strong id="obs_40_0041__b198248536537">UserAgent</strong>. Likewise, if you select a key of the date type, for example, <strong id="obs_40_0041__b2037117113512">CurrentTime</strong>, the condition operator can only be a date type, for example, <strong id="obs_40_0041__b23711711135110">DateEquals</strong>.</p>
+<ul id="obs_40_0041__ul12880010115914"><li id="obs_40_0041__li171351258144318"><strong id="obs_40_0041__b126611471402">Condition operators</strong><p id="obs_40_0041__p209907974412">A condition operator, a condition key, and a condition value together constitute a complete condition statement. A policy can be applied only when its request conditions are met. <a href="#obs_40_0041__en-us_topic_0118394684_table18965458">Table 4</a> lists the condition operators available for statements. String condition operators are not case-sensitive unless otherwise specified.</p>
+<p id="obs_40_0041__p166041357121018"></p>
+</li></ul>
 </div>
 
-<div class="tablenoborder"><a name="obs_40_0041__en-us_topic_0118394684_table18965458"></a><a name="en-us_topic_0118394684_table18965458"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__en-us_topic_0118394684_table18965458" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Conditional operators</caption><thead align="left"><tr id="obs_40_0041__en-us_topic_0118394684_row16641116"><th align="left" class="cellrowborder" valign="top" width="14.29%" id="mcps1.3.41.2.4.1.1"><p id="obs_40_0041__en-us_topic_0118394684_p5753193">Type</p>
+<div class="tablenoborder"><a name="obs_40_0041__en-us_topic_0118394684_table18965458"></a><a name="en-us_topic_0118394684_table18965458"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__en-us_topic_0118394684_table18965458" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Condition operators</caption><thead align="left"><tr id="obs_40_0041__en-us_topic_0118394684_row16641116"><th align="left" class="cellrowborder" valign="top" width="14.280000000000001%" id="mcps1.3.41.2.4.1.1"><p id="obs_40_0041__en-us_topic_0118394684_p5753193">Type</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="35.709999999999994%" id="mcps1.3.41.2.4.1.2"><p id="obs_40_0041__en-us_topic_0118394684_p33328392">Element</p>
+<th align="left" class="cellrowborder" valign="top" width="35.72%" id="mcps1.3.41.2.4.1.2"><p id="obs_40_0041__en-us_topic_0118394684_p33328392">Element</p>
 </th>
 <th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.41.2.4.1.3"><p id="obs_40_0041__en-us_topic_0118394684_p2989297">Description</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0041__en-us_topic_0118394684_row31714287"><td class="cellrowborder" rowspan="6" valign="top" width="14.29%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p18720486">String</p>
+<tbody><tr id="obs_40_0041__en-us_topic_0118394684_row31714287"><td class="cellrowborder" rowspan="6" valign="top" width="14.280000000000001%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p18720486">String</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.709999999999994%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p39964360">StringEquals</p>
+<td class="cellrowborder" valign="top" width="35.72%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p39964360">StringEquals</p>
 </td>
 <td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p15887743">Strict matching. Short version: streq</p>
 </td>
@@ -477,17 +478,17 @@
 <td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p4201690">Negated loose case-sensitive matching. The values can include a multi-character match wildcard (*) or a single-character match wildcard (?) anywhere in the string. Short version: strnl</p>
 </td>
 </tr>
-<tr id="obs_40_0041__en-us_topic_0118394684_row37815214"><td class="cellrowborder" rowspan="6" valign="top" width="14.29%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p43133484">Numeric</p>
+<tr id="obs_40_0041__en-us_topic_0118394684_row37815214"><td class="cellrowborder" rowspan="6" valign="top" width="14.280000000000001%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p43133484">Numeric</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.709999999999994%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p4151319">NumericEquals</p>
+<td class="cellrowborder" valign="top" width="35.72%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p4151319">NumericEquals</p>
 </td>
-<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p712534">Strict matching. Short version: numeq</p>
+<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p712534">Matching. Short version: numeq</p>
 <p id="obs_40_0041__p4564172263319"><strong id="obs_40_0041__b13935193711456">Numeric</strong> indicates a data type expressed in numbers.</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row6412809"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p49675490">NumericNotEquals</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p64291715">Strict negated matching. Short version: numneq</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p64291715">Negated matching. Short version: numneq</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row41754526"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p26673471">NumericLessThan</p>
@@ -510,55 +511,55 @@
 <td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p66007492">"Greater than or equals" matching. Short version: numgteq</p>
 </td>
 </tr>
-<tr id="obs_40_0041__en-us_topic_0118394684_row57196524"><td class="cellrowborder" rowspan="6" valign="top" width="14.29%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p2406899">Date</p>
+<tr id="obs_40_0041__en-us_topic_0118394684_row57196524"><td class="cellrowborder" rowspan="6" valign="top" width="14.280000000000001%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p2406899">Date</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.709999999999994%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p60741093">DateEquals</p>
+<td class="cellrowborder" valign="top" width="35.72%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p60741093">DateEquals</p>
 </td>
-<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p21081516">Strict matching. Short version: dateeq</p>
+<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p21081516">Matching a specific date. Short version: dateeq</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row55515923"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p495924">DateNotEquals</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p40169885">Strict negated matching. Short version: dateneq</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p40169885">Negated matching. Short version: dateneq</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row25984653"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p24382134">DateLessThan</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p28795836">Indicates that the date is earlier than a specific date. Short version: datelt</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p28795836">The date is earlier than a specific date. Short version: datelt</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row57835933"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p54198968">DateLessThanEquals</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p28040292">Indicates that the date is earlier than or equal to a specific date. Short version: datelteq</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p28040292">The date is earlier than or equal to a specific date. Short version: datelteq</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row51036040"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p40278543">DateGreaterThan</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p41336571">Indicates that the date is later than a specific date. Short version: dategt</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p41336571">The date is later than a specific date. Short version: dategt</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row36484827"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p2480985">DateGreaterThanEquals</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p66742063">Indicates that the date is later than or equal to a specific date. Short version: dategteq</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p66742063">The date is later than or equal to a specific date. Short version: dategteq</p>
 </td>
 </tr>
-<tr id="obs_40_0041__en-us_topic_0118394684_row63807659"><td class="cellrowborder" valign="top" width="14.29%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p1037881">Boolean</p>
+<tr id="obs_40_0041__en-us_topic_0118394684_row63807659"><td class="cellrowborder" valign="top" width="14.280000000000001%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p1037881">Boolean</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.709999999999994%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p16959540">Bool</p>
+<td class="cellrowborder" valign="top" width="35.72%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p16959540">Bool</p>
 </td>
 <td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p31545475">Strict Boolean matching</p>
 </td>
 </tr>
-<tr id="obs_40_0041__en-us_topic_0118394684_row15473822"><td class="cellrowborder" rowspan="2" valign="top" width="14.29%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p45420039">IP address</p>
+<tr id="obs_40_0041__en-us_topic_0118394684_row15473822"><td class="cellrowborder" rowspan="2" valign="top" width="14.280000000000001%" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p45420039">IP address</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.709999999999994%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p55144504">IpAddress</p>
+<td class="cellrowborder" valign="top" width="35.72%" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p55144504">IpAddress</p>
 </td>
-<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p37519834">Specified IP address or IP address range</p>
+<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.41.2.4.1.3 "><p id="obs_40_0041__en-us_topic_0118394684_p37519834">Specified IP address or range</p>
 </td>
 </tr>
 <tr id="obs_40_0041__en-us_topic_0118394684_row2134188"><td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p38651578">NotIpAddress</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p43770124">All IP addresses excluding the specified IP address or IP address range</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.41.2.4.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p43770124">All IP addresses excluding the specified IP address or range</p>
 </td>
 </tr>
 </tbody>
@@ -578,57 +579,60 @@
   "SourceIp" : ["192.168.176.0/24","192.168.143.0/24"] 
   } 
 }</pre>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p14362392">Keys in a condition can be classified into three types: general keys, keys related to bucket actions, and keys related to object actions.</p>
+<ul id="obs_40_0041__ul13820737111618"><li id="obs_40_0041__li582083701610"><strong id="obs_40_0041__b6644721155016">Condition keys</strong></li></ul>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p14362392">Keys in a condition can be classified into general keys, keys related to actions on buckets, and keys related to actions on objects.</p>
 <p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p62152665">The following table lists the keys that are not related to actions.</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table6707152645718" frame="border" border="1" rules="all"><caption><b>Table 5 </b>General keys</caption><thead align="left"><tr id="obs_40_0041__row1935926135711"><th align="left" class="cellrowborder" valign="top" width="24%" id="mcps1.3.47.2.4.1.1"><p id="obs_40_0041__p1793592611576">Key</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table6707152645718" frame="border" border="1" rules="all"><caption><b>Table 5 </b>General keys</caption><thead align="left"><tr id="obs_40_0041__row1935926135711"><th align="left" class="cellrowborder" valign="top" width="15.160000000000002%" id="mcps1.3.48.2.4.1.1"><p id="obs_40_0041__p1793592611576">Key</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="28.000000000000004%" id="mcps1.3.47.2.4.1.2"><p id="obs_40_0041__p793514267571">Type</p>
+<th align="left" class="cellrowborder" valign="top" width="19.11%" id="mcps1.3.48.2.4.1.2"><p id="obs_40_0041__p793514267571">Type</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="48%" id="mcps1.3.47.2.4.1.3"><p id="obs_40_0041__p3935122615719">Description</p>
+<th align="left" class="cellrowborder" valign="top" width="65.73%" id="mcps1.3.48.2.4.1.3"><p id="obs_40_0041__p3935122615719">Description</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0041__row3935172613579"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.47.2.4.1.1 "><p id="obs_40_0041__p89351926115716">CurrentTime</p>
+<tbody><tr id="obs_40_0041__row3935172613579"><td class="cellrowborder" valign="top" width="15.160000000000002%" headers="mcps1.3.48.2.4.1.1 "><p id="obs_40_0041__p89351926115716">CurrentTime</p>
 </td>
-<td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.47.2.4.1.2 "><p id="obs_40_0041__p8935226155711">Date</p>
+<td class="cellrowborder" valign="top" width="19.11%" headers="mcps1.3.48.2.4.1.2 "><p id="obs_40_0041__p8935226155711">Date</p>
 </td>
-<td class="cellrowborder" valign="top" width="48%" headers="mcps1.3.47.2.4.1.3 "><p id="obs_40_0041__p129353268579">Indicates the date when the request is received by the server. The date format must comply with ISO 8601.</p>
+<td class="cellrowborder" valign="top" width="65.73%" headers="mcps1.3.48.2.4.1.3 "><p id="obs_40_0041__p129353268579">Date when the request is received by the server. The date format must comply with ISO 8601.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row99361826135711"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.47.2.4.1.1 "><p id="obs_40_0041__p893662675713">EpochTime</p>
+<tr id="obs_40_0041__row99361826135711"><td class="cellrowborder" valign="top" width="15.160000000000002%" headers="mcps1.3.48.2.4.1.1 "><p id="obs_40_0041__p893662675713">EpochTime</p>
 </td>
-<td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.47.2.4.1.2 "><p id="obs_40_0041__p17936626155716">Numeric</p>
+<td class="cellrowborder" valign="top" width="19.11%" headers="mcps1.3.48.2.4.1.2 "><p id="obs_40_0041__p17936626155716">Numeric</p>
 </td>
-<td class="cellrowborder" valign="top" width="48%" headers="mcps1.3.47.2.4.1.3 "><p id="obs_40_0041__p893610266576">Indicates the time when the request is received by the server, which is expressed as seconds since 1970.01.01 00:00:00 UTC, regardless of the leap seconds.</p>
+<td class="cellrowborder" valign="top" width="65.73%" headers="mcps1.3.48.2.4.1.3 "><p id="obs_40_0041__p893610266576">Time when the request is received by the server, which is expressed as seconds since 1970.01.01 00:00:00 UTC, regardless of the leap seconds</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row159361226145714"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.47.2.4.1.1 "><p id="obs_40_0041__p893692618570">SecureTransport</p>
+<tr id="obs_40_0041__row159361226145714"><td class="cellrowborder" valign="top" width="15.160000000000002%" headers="mcps1.3.48.2.4.1.1 "><p id="obs_40_0041__p893692618570">SecureTransport</p>
 </td>
-<td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.47.2.4.1.2 "><p id="obs_40_0041__p4936182635719">Bool</p>
+<td class="cellrowborder" valign="top" width="19.11%" headers="mcps1.3.48.2.4.1.2 "><p id="obs_40_0041__p4936182635719">Bool</p>
 </td>
-<td class="cellrowborder" valign="top" width="48%" headers="mcps1.3.47.2.4.1.3 "><p id="obs_40_0041__p1936172613574">Indicates whether requests are encrypted using SSL.</p>
+<td class="cellrowborder" valign="top" width="65.73%" headers="mcps1.3.48.2.4.1.3 "><p id="obs_40_0041__p1936172613574">Whether the request is encrypted using SSL</p>
+<div class="note" id="obs_40_0041__note159745016350"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0041__p497417063515">The value can be either <strong id="obs_40_0041__b526125291414">true</strong> or <strong id="obs_40_0041__b10635115412141">false</strong>. Any other values you enter will become <strong id="obs_40_0041__b35601917162215">false</strong> by default.</p>
+</div></div>
 </td>
 </tr>
-<tr id="obs_40_0041__row1936326155719"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.47.2.4.1.1 "><p id="obs_40_0041__p1693616267579">SourceIp</p>
+<tr id="obs_40_0041__row1936326155719"><td class="cellrowborder" valign="top" width="15.160000000000002%" headers="mcps1.3.48.2.4.1.1 "><p id="obs_40_0041__p1693616267579">SourceIp</p>
 </td>
-<td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.47.2.4.1.2 "><p id="obs_40_0041__p1993652625717">IP address</p>
+<td class="cellrowborder" valign="top" width="19.11%" headers="mcps1.3.48.2.4.1.2 "><p id="obs_40_0041__p1993652625717">IP address</p>
 </td>
-<td class="cellrowborder" valign="top" width="48%" headers="mcps1.3.47.2.4.1.3 "><p id="obs_40_0041__p1693692615716">Source IP address from which the request is sent</p>
+<td class="cellrowborder" valign="top" width="65.73%" headers="mcps1.3.48.2.4.1.3 "><p id="obs_40_0041__p1693692615716">Source (client) IP address of the request</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row1193652695714"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.47.2.4.1.1 "><p id="obs_40_0041__p129361426125712">UserAgent</p>
+<tr id="obs_40_0041__row1193652695714"><td class="cellrowborder" valign="top" width="15.160000000000002%" headers="mcps1.3.48.2.4.1.1 "><p id="obs_40_0041__p129361426125712">UserAgent</p>
 </td>
-<td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.47.2.4.1.2 "><p id="obs_40_0041__p393662612574">String</p>
+<td class="cellrowborder" valign="top" width="19.11%" headers="mcps1.3.48.2.4.1.2 "><p id="obs_40_0041__p393662612574">String</p>
 </td>
-<td class="cellrowborder" valign="top" width="48%" headers="mcps1.3.47.2.4.1.3 "><p id="obs_40_0041__p159364265574">Requested client software agent</p>
+<td class="cellrowborder" valign="top" width="65.73%" headers="mcps1.3.48.2.4.1.3 "><p id="obs_40_0041__p159364265574">Requested client software agent</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row293620261576"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.47.2.4.1.1 "><p id="obs_40_0041__p493602675716">Referer</p>
+<tr id="obs_40_0041__row293620261576"><td class="cellrowborder" valign="top" width="15.160000000000002%" headers="mcps1.3.48.2.4.1.1 "><p id="obs_40_0041__p493602675716">Referer</p>
 </td>
-<td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.47.2.4.1.2 "><p id="obs_40_0041__p14936172685719">String</p>
+<td class="cellrowborder" valign="top" width="19.11%" headers="mcps1.3.48.2.4.1.2 "><p id="obs_40_0041__p14936172685719">String</p>
 </td>
-<td class="cellrowborder" valign="top" width="48%" headers="mcps1.3.47.2.4.1.3 "><p id="obs_40_0041__p893617261578">Indicates the link from which the request is sent.</p>
+<td class="cellrowborder" valign="top" width="65.73%" headers="mcps1.3.48.2.4.1.3 "><p id="obs_40_0041__p893617261578">Link from which the request is sent</p>
 </td>
 </tr>
 </tbody>
@@ -636,172 +640,172 @@
 </div>
 <p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p24480756">Keys in a condition must be used in certain actions. The following table lists the mapping between actions and the keys in a condition.</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table1972610267573" frame="border" border="1" rules="all"><caption><b>Table 6 </b>Keys related to bucket actions</caption><thead align="left"><tr id="obs_40_0041__row6936152645711"><th align="left" class="cellrowborder" valign="top" width="19.608039196080394%" id="mcps1.3.49.2.5.1.1"><p id="obs_40_0041__p8937726175712">Action</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table1972610267573" frame="border" border="1" rules="all"><caption><b>Table 6 </b>Keys related to bucket actions</caption><thead align="left"><tr id="obs_40_0041__row6936152645711"><th align="left" class="cellrowborder" valign="top" width="19.58804119588041%" id="mcps1.3.50.2.5.1.1"><p id="obs_40_0041__p8937726175712">Action</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="14.788521147885211%" id="mcps1.3.49.2.5.1.2"><p id="obs_40_0041__p9937182635715">Optional Key</p>
+<th align="left" class="cellrowborder" valign="top" width="14.808519148085193%" id="mcps1.3.50.2.5.1.2"><p id="obs_40_0041__p9937182635715">Optional Key</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="43.05569443055695%" id="mcps1.3.49.2.5.1.3"><p id="obs_40_0041__p10937826175712">Description</p>
+<th align="left" class="cellrowborder" valign="top" width="43.05569443055695%" id="mcps1.3.50.2.5.1.3"><p id="obs_40_0041__p10937826175712">Description</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="22.547745225477453%" id="mcps1.3.49.2.5.1.4"><p id="obs_40_0041__p1096873771416">Remarks</p>
+<th align="left" class="cellrowborder" valign="top" width="22.547745225477453%" id="mcps1.3.50.2.5.1.4"><p id="obs_40_0041__p1096873771416">Remarks</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0041__row593712616576"><td class="cellrowborder" rowspan="3" valign="top" width="19.608039196080394%" headers="mcps1.3.49.2.5.1.1 "><p id="obs_40_0041__p59379267576">ListBucket</p>
+<tbody><tr id="obs_40_0041__row593712616576"><td class="cellrowborder" rowspan="3" valign="top" width="19.58804119588041%" headers="mcps1.3.50.2.5.1.1 "><p id="obs_40_0041__p59379267576">ListBucket</p>
 </td>
-<td class="cellrowborder" valign="top" width="14.788521147885211%" headers="mcps1.3.49.2.5.1.2 "><p id="obs_40_0041__p13937182675716">prefix</p>
+<td class="cellrowborder" valign="top" width="14.808519148085193%" headers="mcps1.3.50.2.5.1.2 "><p id="obs_40_0041__p13937182675716">prefix</p>
 </td>
-<td class="cellrowborder" valign="top" width="43.05569443055695%" headers="mcps1.3.49.2.5.1.3 "><p id="obs_40_0041__p9937926155719">Type: String. Lists objects that begin with the specified prefix.</p>
+<td class="cellrowborder" valign="top" width="43.05569443055695%" headers="mcps1.3.50.2.5.1.3 "><p id="obs_40_0041__p9937926155719">Type: String. Lists objects with the specified prefix.</p>
 </td>
-<td class="cellrowborder" rowspan="6" valign="top" width="22.547745225477453%" headers="mcps1.3.49.2.5.1.4 "><p id="obs_40_0041__p175983818155">If <strong id="obs_40_0041__b4319102110504">prefix</strong>, <strong id="obs_40_0041__b15319182112508">delimiter</strong>, and <strong id="obs_40_0041__b13320202135016">max-keys</strong> are configured, the key-value pair meeting the conditions must be specified in the List operation for the bucket policy to take effect.</p>
-<p id="obs_40_0041__p153725312183">For example, if a bucket policy (with the conditional operator set to <strong id="obs_40_0041__b517832711178">NumericEquals</strong>, the key to <strong id="obs_40_0041__b41841527191712">max-keys</strong>, and the value to <strong id="obs_40_0041__b2018412713176">100</strong>) that allows anonymous users to read data is configured for a bucket, the anonymous users must add <strong id="obs_40_0041__b01677330176">?max-keys=100</strong> to the end of the bucket domain name for listing objects. The listed objects are the first 100 objects in alphabetic order.</p>
+<td class="cellrowborder" rowspan="6" valign="top" width="22.547745225477453%" headers="mcps1.3.50.2.5.1.4 "><p id="obs_40_0041__p175983818155">If <strong id="obs_40_0041__b4319102110504">prefix</strong>, <strong id="obs_40_0041__b15319182112508">delimiter</strong>, and <strong id="obs_40_0041__b13320202135016">max-keys</strong> are configured for a bucket policy, the List requests must contain the matched key-value pair.</p>
+<p id="obs_40_0041__p153725312183">For example, if a bucket policy (with the condition operator set to <strong id="obs_40_0041__b517832711178">NumericEquals</strong>, the key to <strong id="obs_40_0041__b41841527191712">max-keys</strong>, and the value to <strong id="obs_40_0041__b2018412713176">100</strong>) is configured to allow anonymous users to read data from a bucket, the List requests from the anonymous users must have <strong id="obs_40_0041__b01677330176">?max-keys=100</strong> at the end of the bucket domain name. The listed objects are the first 100 objects in alphabetic order.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row993792685715"><td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.1 "><p id="obs_40_0041__p69371126115716">delimiter</p>
+<tr id="obs_40_0041__row993792685715"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.1 "><p id="obs_40_0041__p69371126115716">delimiter</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.2 "><p id="obs_40_0041__p7937172675719">Type: String. Groups objects in a bucket.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.2 "><p id="obs_40_0041__p7937172675719">Type: String. Groups objects in a bucket.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row13937226115711"><td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.1 "><p id="obs_40_0041__p293712266579">max-keys</p>
+<tr id="obs_40_0041__row13937226115711"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.1 "><p id="obs_40_0041__p293712266579">max-keys</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.2 "><p id="obs_40_0041__p2093752619576">Type: Numeric. Sets the maximum number of objects. Returned objects are listed in alphabetic order.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.2 "><p id="obs_40_0041__p2093752619576">Type: Numeric. Sets the maximum number of objects. Returned objects are listed in alphabetic order.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row8937926195711"><td class="cellrowborder" rowspan="3" valign="top" headers="mcps1.3.49.2.5.1.1 "><p id="obs_40_0041__p393712675711">ListBucketVersions</p>
+<tr id="obs_40_0041__row8937926195711"><td class="cellrowborder" rowspan="3" valign="top" headers="mcps1.3.50.2.5.1.1 "><p id="obs_40_0041__p393712675711">ListBucketVersions</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.2 "><p id="obs_40_0041__p09372264575">prefix</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.2 "><p id="obs_40_0041__p09372264575">prefix</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.3 "><p id="obs_40_0041__p693772615577">Type: String. Lists multi-version objects whose name starts with the specified prefix.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.3 "><p id="obs_40_0041__p693772615577">Type: String. Lists multi-version objects with the specified prefix.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row993715262572"><td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.1 "><p id="obs_40_0041__p119371326175713">delimiter</p>
+<tr id="obs_40_0041__row993715262572"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.1 "><p id="obs_40_0041__p119371326175713">delimiter</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.2 "><p id="obs_40_0041__p6937162615576">Type: String. Groups objects of different versions in a bucket.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.2 "><p id="obs_40_0041__p6937162615576">Type: String. Groups objects of different versions in a bucket.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row693722612571"><td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.1 "><p id="obs_40_0041__p15937326155717">max-keys</p>
+<tr id="obs_40_0041__row693722612571"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.1 "><p id="obs_40_0041__p15937326155717">max-keys</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.49.2.5.1.2 "><p id="obs_40_0041__p12938122617571">Type: Numeric. Sets the maximum number of objects. Returned objects are listed in alphabetic order.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.5.1.2 "><p id="obs_40_0041__p12938122617571">Type: Numeric. Sets the maximum number of objects. Returned objects are listed in alphabetic order.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row193842612574"><td class="cellrowborder" valign="top" width="19.608039196080394%" headers="mcps1.3.49.2.5.1.1 "><p id="obs_40_0041__p1793819263575">PutBucketAcl</p>
+<tr id="obs_40_0041__row193842612574"><td class="cellrowborder" valign="top" width="19.58804119588041%" headers="mcps1.3.50.2.5.1.1 "><p id="obs_40_0041__p1793819263575">PutBucketAcl</p>
 </td>
-<td class="cellrowborder" valign="top" width="14.788521147885211%" headers="mcps1.3.49.2.5.1.2 "><p id="obs_40_0041__p139381226195719">x-obs-acl</p>
+<td class="cellrowborder" valign="top" width="14.808519148085193%" headers="mcps1.3.50.2.5.1.2 "><p id="obs_40_0041__p139381226195719">x-obs-acl</p>
 </td>
-<td class="cellrowborder" valign="top" width="43.05569443055695%" headers="mcps1.3.49.2.5.1.3 "><p id="obs_40_0041__p793892605711">Type: String. Configures the bucket ACL. When modifying a bucket ACL, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b68479615188">private|public-read|public-read-write|bucketowner-read|log-delivery-write</strong>.</p>
+<td class="cellrowborder" valign="top" width="43.05569443055695%" headers="mcps1.3.50.2.5.1.3 "><p id="obs_40_0041__p793892605711">Type: String. Configures the bucket ACL. When modifying a bucket ACL, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b68479615188">private|public-read|public-read-write|bucketowner-read|log-delivery-write</strong>.</p>
 </td>
-<td class="cellrowborder" valign="top" width="22.547745225477453%" headers="mcps1.3.49.2.5.1.4 "><p id="obs_40_0041__p9968173791419">None</p>
+<td class="cellrowborder" valign="top" width="22.547745225477453%" headers="mcps1.3.50.2.5.1.4 "><p id="obs_40_0041__p9968173791419">None</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table14742526145718" frame="border" border="1" rules="all"><caption><b>Table 7 </b>Keys related to object actions</caption><thead align="left"><tr id="obs_40_0041__row293802635716"><th align="left" class="cellrowborder" valign="top" width="23.47%" id="mcps1.3.50.2.4.1.1"><p id="obs_40_0041__p99381026135710">Action</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__table14742526145718" frame="border" border="1" rules="all"><caption><b>Table 7 </b>Keys related to object actions</caption><thead align="left"><tr id="obs_40_0041__row293802635716"><th align="left" class="cellrowborder" valign="top" width="23.47%" id="mcps1.3.51.2.4.1.1"><p id="obs_40_0041__p99381026135710">Action</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="27.55%" id="mcps1.3.50.2.4.1.2"><p id="obs_40_0041__p2938132618576">Optional Key</p>
+<th align="left" class="cellrowborder" valign="top" width="27.55%" id="mcps1.3.51.2.4.1.2"><p id="obs_40_0041__p2938132618576">Optional Key</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="48.980000000000004%" id="mcps1.3.50.2.4.1.3"><p id="obs_40_0041__p19938726175710">Description</p>
+<th align="left" class="cellrowborder" valign="top" width="48.980000000000004%" id="mcps1.3.51.2.4.1.3"><p id="obs_40_0041__p19938726175710">Description</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0041__row19939182618579"><td class="cellrowborder" rowspan="4" valign="top" width="23.47%" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p893942695710">PutObject</p>
+<tbody><tr id="obs_40_0041__row19939182618579"><td class="cellrowborder" rowspan="4" valign="top" width="23.47%" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p893942695710">PutObject</p>
 </td>
-<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p493902613571">x-obs-acl</p>
+<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p493902613571">x-obs-acl</p>
 </td>
-<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.50.2.4.1.3 "><p id="obs_40_0041__p861813885512">Type: String. Configures the object ACL. When uploading an object, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b7231133602115">private|public-read|public-read-write|bucketowner-read|bucket-owner-full-control|log-delivery-write</strong>.</p>
+<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.51.2.4.1.3 "><p id="obs_40_0041__p861813885512">Type: String. Configures the object ACL. When uploading an object, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b7231133602115">private|public-read|public-read-write|bucketowner-read|bucket-owner-full-control|log-delivery-write</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row293932619571"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p19391026155720">x-obs-copy-source</p>
+<tr id="obs_40_0041__row293932619571"><td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p19391026155720">x-obs-copy-source</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p393942620578">Type: String. Specifies names of the source bucket and the source object. Format: <strong id="obs_40_0041__b203521941102120">/</strong><em id="obs_40_0041__i10352341152119">bucketname</em><strong id="obs_40_0041__b163532418219">/</strong><em id="obs_40_0041__i14353174117217">keyname</em></p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p393942620578">Type: String. Specifies names of the source bucket and the source object. Format: <strong id="obs_40_0041__b203521941102120">/</strong><em id="obs_40_0041__i10352341152119">bucketname</em><strong id="obs_40_0041__b163532418219">/</strong><em id="obs_40_0041__i14353174117217">keyname</em></p>
 </td>
 </tr>
-<tr id="obs_40_0041__row3939626125711"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p15939726165718">x-obs-metadata-directive</p>
+<tr id="obs_40_0041__row3939626125711"><td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p15939726165718">x-obs-metadata-directive</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p1293962614575">Type: String. Specifies whether to copy the metadata from the source object or replace with the metadata in the request. The value can be <strong id="obs_40_0041__b479062416226">COPY</strong> or <strong id="obs_40_0041__b114781926112212">REPLACE</strong>.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p1293962614575">Type: String. Specifies whether to copy the metadata of the source object or replace with the metadata in the request. The value can be <strong id="obs_40_0041__b479062416226">COPY</strong> or <strong id="obs_40_0041__b114781926112212">REPLACE</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row5806457133513"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p69702319365">x-obs-server-side-encryption</p>
+<tr id="obs_40_0041__row5806457133513"><td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p69702319365">x-obs-server-side-encryption</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p2888164583617">Type: String. Specifies that objects in a bucket are encrypted using SSE-KMS before they are stored. The value is <strong id="obs_40_0041__b115461010912">kms</strong>.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p2888164583617">Type: String. Specifies that objects in a bucket are encrypted using SSE-KMS before they are stored. The value is <strong id="obs_40_0041__b115461010912">kms</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row159391126185711"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p6939202611579">PutObjectAcl</p>
+<tr id="obs_40_0041__row159391126185711"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p6939202611579">PutObjectAcl</p>
 </td>
-<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p293992675713">x-obs-acl</p>
+<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p293992675713">x-obs-acl</p>
 </td>
-<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.50.2.4.1.3 "><p id="obs_40_0041__p26111442185511">Type: String. Configures the object ACL. When uploading an object, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b7320154162218">private|public-read|public-read-write|bucketowner-read|bucket-owner-full-control|log-delivery-write</strong>.</p>
+<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.51.2.4.1.3 "><p id="obs_40_0041__p26111442185511">Type: String. Configures the object ACL. When uploading an object, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b7320154162218">private|public-read|public-read-write|bucketowner-read|bucket-owner-full-control|log-delivery-write</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row14939172645713"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p16939142613573">GetObjectVersion</p>
+<tr id="obs_40_0041__row14939172645713"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p16939142613573">GetObjectVersion</p>
 </td>
-<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p1294002655714">versionId</p>
+<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p1294002655714">versionId</p>
 </td>
-<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.50.2.4.1.3 "><p id="obs_40_0041__p1494016264579">Type: String. Obtains the object with the specified version ID.</p>
+<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.51.2.4.1.3 "><p id="obs_40_0041__p1494016264579">Type: String. Obtains the object with the specified version ID.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row19940172645714"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p2094002613577">GetObjectVersionAcl</p>
+<tr id="obs_40_0041__row19940172645714"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p2094002613577">GetObjectVersionAcl</p>
 </td>
-<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p14940162685715">versionId</p>
+<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p14940162685715">versionId</p>
 </td>
-<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.50.2.4.1.3 "><p id="obs_40_0041__p13940192615574">Type: String. Obtains the ACL of the object with the specified version ID.</p>
+<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.51.2.4.1.3 "><p id="obs_40_0041__p13940192615574">Type: String. Obtains the ACL of the object with the specified version ID.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row99401326105715"><td class="cellrowborder" rowspan="2" valign="top" width="23.47%" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p994016263575">PutObjectVersionAcl</p>
+<tr id="obs_40_0041__row99401326105715"><td class="cellrowborder" rowspan="2" valign="top" width="23.47%" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p994016263575">PutObjectVersionAcl</p>
 </td>
-<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p7940122655716">versionId</p>
+<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p7940122655716">versionId</p>
 </td>
-<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.50.2.4.1.3 "><p id="obs_40_0041__p1394042615579">Type: String. Specifies a version ID.</p>
+<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.51.2.4.1.3 "><p id="obs_40_0041__p1394042615579">Type: String. Specifies a version ID.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row1794032615574"><td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p10940162695719">x-obs-acl</p>
+<tr id="obs_40_0041__row1794032615574"><td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p10940162695719">x-obs-acl</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p1392195113554">Type: String. Configures the ACL of the object with the specified version ID. When uploading an object, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b44317503227">private|public-read|public-read-write|bucketowner-read|bucket-owner-full-control|log-delivery-write</strong>.</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p1392195113554">Type: String. Configures the ACL of the object with the specified version ID. When uploading an object, you can use the request that contains a canned ACL setting in its header. Value options of a canned ACL setting: <strong id="obs_40_0041__b44317503227">private|public-read|public-read-write|bucketowner-read|bucket-owner-full-control|log-delivery-write</strong>.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__row1394092635717"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.50.2.4.1.1 "><p id="obs_40_0041__p179406267573">DeleteObjectVersion</p>
+<tr id="obs_40_0041__row1394092635717"><td class="cellrowborder" valign="top" width="23.47%" headers="mcps1.3.51.2.4.1.1 "><p id="obs_40_0041__p179406267573">DeleteObjectVersion</p>
 </td>
-<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.50.2.4.1.2 "><p id="obs_40_0041__p16940192615577">versionId</p>
+<td class="cellrowborder" valign="top" width="27.55%" headers="mcps1.3.51.2.4.1.2 "><p id="obs_40_0041__p16940192615577">versionId</p>
 </td>
-<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.50.2.4.1.3 "><p id="obs_40_0041__p13941726185718">Type: String. Deletes the object with the specified version ID.</p>
+<td class="cellrowborder" valign="top" width="48.980000000000004%" headers="mcps1.3.51.2.4.1.3 "><p id="obs_40_0041__p13941726185718">Type: String. Deletes the object with the specified version ID.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-<div class="section" id="obs_40_0041__en-us_topic_0118394684_section10136448"><h4 class="sectiontitle">Policy Permission Judgment Logic</h4><p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p31906675">A policy may pose any of the three results for each statement: <strong id="obs_40_0041__b16117104714314">Explicit Deny</strong>, <strong id="obs_40_0041__b1812344719320">Allow</strong>, and <strong id="obs_40_0041__b5123134712318">Default Deny</strong>. If a bucket policy contains multiple statements, the policy determines which statement prevails according to the following rules:</p>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p18724620">1. If conditions in any statement of a policy are not met, the policy poses a default deny result.</p>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p34303855">2. An explicit deny overrides an allow.</p>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p40299246">3. An allow overrides a default deny.</p>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p27148896">4. Statements can be in any order in a policy.</p>
+<div class="section" id="obs_40_0041__en-us_topic_0118394684_section10136448"><h4 class="sectiontitle">Policy Permission Judgment Logic</h4><p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p31906675">Each statement in a policy can have the action <strong id="obs_40_0041__b16117104714314">Explicit Deny</strong>, <strong id="obs_40_0041__b1812344719320">Allow</strong>, or <strong id="obs_40_0041__b5123134712318">Default Deny</strong>. If a bucket policy contains multiple statements with different actions, the final action is determined according to the following rules:</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p18724620">- If there are no <strong id="obs_40_0041__b0178165612226">Explicit Deny</strong> or <strong id="obs_40_0041__b2595258172211">Allow</strong>, <strong id="obs_40_0041__b8593200234">Default Deny</strong> will apply.</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p34303855">- An explicit deny overrides an allow.</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p40299246">- An allow overrides a default deny.</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p27148896">- Statements can be in any order in a policy.</p>
 
-<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__en-us_topic_0118394684_table43013480" frame="border" border="1" rules="all"><caption><b>Table 8 </b>Statement results</caption><thead align="left"><tr id="obs_40_0041__en-us_topic_0118394684_row36198266"><th align="left" class="cellrowborder" valign="top" width="23.23%" id="mcps1.3.51.7.2.3.1.1"><p id="obs_40_0041__en-us_topic_0118394684_p46378471">Result</p>
+<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0041__en-us_topic_0118394684_table43013480" frame="border" border="1" rules="all"><caption><b>Table 8 </b>Statement results</caption><thead align="left"><tr id="obs_40_0041__en-us_topic_0118394684_row36198266"><th align="left" class="cellrowborder" valign="top" width="23.23%" id="mcps1.3.52.7.2.3.1.1"><p id="obs_40_0041__en-us_topic_0118394684_p46378471">Result</p>
 </th>
-<th align="left" class="cellrowborder" valign="top" width="76.77000000000001%" id="mcps1.3.51.7.2.3.1.2"><p id="obs_40_0041__en-us_topic_0118394684_p54147030">Description</p>
+<th align="left" class="cellrowborder" valign="top" width="76.77000000000001%" id="mcps1.3.52.7.2.3.1.2"><p id="obs_40_0041__en-us_topic_0118394684_p54147030">Description</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="obs_40_0041__en-us_topic_0118394684_row13173135"><td class="cellrowborder" valign="top" width="23.23%" headers="mcps1.3.51.7.2.3.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p60391021">explicit deny</p>
+<tbody><tr id="obs_40_0041__en-us_topic_0118394684_row13173135"><td class="cellrowborder" valign="top" width="23.23%" headers="mcps1.3.52.7.2.3.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p60391021">explicit deny</p>
 </td>
-<td class="cellrowborder" valign="top" width="76.77000000000001%" headers="mcps1.3.51.7.2.3.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p59834572">A statement defines effect="deny". All requests for resources to which the statement applies are denied. No permission is returned.</p>
+<td class="cellrowborder" valign="top" width="76.77000000000001%" headers="mcps1.3.52.7.2.3.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p59834572">A statement defines effect="deny". All requests for resources to which the statement applies are denied. No permission is returned.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__en-us_topic_0118394684_row1640244"><td class="cellrowborder" valign="top" width="23.23%" headers="mcps1.3.51.7.2.3.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p65750902">allow</p>
+<tr id="obs_40_0041__en-us_topic_0118394684_row1640244"><td class="cellrowborder" valign="top" width="23.23%" headers="mcps1.3.52.7.2.3.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p65750902">allow</p>
 </td>
-<td class="cellrowborder" valign="top" width="76.77000000000001%" headers="mcps1.3.51.7.2.3.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p24222861">A statement defines effect="allow". All requests for resources to which the statement applies are allowed.</p>
+<td class="cellrowborder" valign="top" width="76.77000000000001%" headers="mcps1.3.52.7.2.3.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p24222861">A statement defines effect="allow". All requests for resources to which the statement applies are allowed.</p>
 </td>
 </tr>
-<tr id="obs_40_0041__en-us_topic_0118394684_row16679164"><td class="cellrowborder" valign="top" width="23.23%" headers="mcps1.3.51.7.2.3.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p8835053">default deny</p>
+<tr id="obs_40_0041__en-us_topic_0118394684_row16679164"><td class="cellrowborder" valign="top" width="23.23%" headers="mcps1.3.52.7.2.3.1.1 "><p id="obs_40_0041__en-us_topic_0118394684_p8835053">default deny</p>
 </td>
-<td class="cellrowborder" valign="top" width="76.77000000000001%" headers="mcps1.3.51.7.2.3.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p44550694">Conditions defined in a statement are not met. Requests are denied.</p>
+<td class="cellrowborder" valign="top" width="76.77000000000001%" headers="mcps1.3.52.7.2.3.1.2 "><p id="obs_40_0041__en-us_topic_0118394684_p44550694">Conditions defined in a statement are not met. Requests are denied.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p14830224">If an ACL and a bucket policy are applied together to an account, an explicit deny in the bucket policy overrides the allow in the ACL.</p>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p66363158">If a bucket policy and an IAM policy are applied together to an account, an explicit deny overrides the allow, and an allow overrides the default deny.</p>
-<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p60397511">SSE-KMS server-side encrypted object does not support Bucket ACL/Policy for cross-tenant authorization.</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p14830224">If both an ACL and a bucket policy apply, an explicit deny in the bucket policy overrides the allow in the ACL.</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p66363158">If both a bucket policy and an IAM policy apply, an explicit deny overrides an allow, and an allow overrides the default deny.</p>
+<p class="msonormal" id="obs_40_0041__en-us_topic_0118394684_p60397511">Bucket ACL/Policy for cross-tenant authorization does not apply to SSE-KMS server-side encrypted objects.</p>
 </div>
 </div>
 <div>
diff --git a/docs/obs/perms-cfg/obs_40_0042.html b/docs/obs/perms-cfg/obs_40_0042.html
index 9d22c789..b2cb6786 100644
--- a/docs/obs/perms-cfg/obs_40_0042.html
+++ b/docs/obs/perms-cfg/obs_40_0042.html
@@ -1,13 +1,12 @@
 <a name="obs_40_0042"></a><a name="obs_40_0042"></a>
 
 <h1 class="topictitle1">Appendix</h1>
-<div id="body0000001132130199"><p id="obs_40_0042__p8060118"></p>
-</div>
+<div id="body0000001132130199"></div>
 <div>
 <ul class="ullinks">
 <li class="ulchildlink"><strong><a href="obs_40_0041.html">Bucket Policy Parameters</a></strong><br>
 </li>
-<li class="ulchildlink"><strong><a href="obs_40_0043.html">Relationship Between Bucket Policies and Bucket ACLs</a></strong><br>
+<li class="ulchildlink"><strong><a href="obs_40_0043.html">Relationship Between Bucket ACLs and Bucket Policies</a></strong><br>
 </li>
 </ul>
 </div>
diff --git a/docs/obs/perms-cfg/obs_40_0043.html b/docs/obs/perms-cfg/obs_40_0043.html
index 36b56978..882a65bd 100644
--- a/docs/obs/perms-cfg/obs_40_0043.html
+++ b/docs/obs/perms-cfg/obs_40_0043.html
@@ -1,7 +1,7 @@
 <a name="obs_40_0043"></a><a name="obs_40_0043"></a>
 
-<h1 class="topictitle1">Relationship Between Bucket Policies and Bucket ACLs</h1>
-<div id="body0000001110930532"><div class="section" id="obs_40_0043__section9370125413594"><h4 class="sectiontitle">Mapping Between Bucket ACLs and Bucket Policies</h4><p id="obs_40_0043__p14426115413593">Bucket ACLs are used to control basic read and write access to buckets. Custom settings of bucket policies support more actions that can be performed on buckets. Bucket ACLs supplement bucket policies, and in many cases, can be replaced by bucket policies to manage access to buckets. <a href="#obs_40_0043__table183716545593">Table 1</a> shows the mapping between bucket ACL access permissions and bucket policy actions.</p>
+<h1 class="topictitle1">Relationship Between Bucket ACLs and Bucket Policies</h1>
+<div id="body0000001110930532"><div class="section" id="obs_40_0043__section9370125413594"><h4 class="sectiontitle">Mapping Between Bucket ACLs and Bucket Policies</h4><p id="obs_40_0043__p14426115413593">Bucket ACLs control read and write permissions on buckets. Custom bucket policies can control more actions on buckets. Bucket ACLs are a supplement to bucket policies, but are usually replaced with bucket policies. <a href="#obs_40_0043__table183716545593">Table 1</a> shows the mapping between bucket ACL permissions and actions in a custom bucket policy.</p>
 
 <div class="tablenoborder"><a name="obs_40_0043__table183716545593"></a><a name="table183716545593"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0043__table183716545593" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Mapping between bucket ACLs and bucket policies</caption><thead align="left"><tr id="obs_40_0043__row10426205416593"><th align="left" class="cellrowborder" valign="top" width="19.191919191919194%" id="mcps1.3.1.3.2.4.1.1"><p id="obs_40_0043__p6426165418599">ACL Permission</p>
 </th>
@@ -27,12 +27,12 @@
 </td>
 <td class="cellrowborder" valign="top" width="14.141414141414144%" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_40_0043__p1142885415597">Read</p>
 </td>
-<td class="cellrowborder" valign="top" width="66.66666666666667%" headers="mcps1.3.1.3.2.4.1.3 "><p id="obs_40_0043__p1842815542599">GetBucketAcl</p>
+<td class="cellrowborder" valign="top" width="66.66666666666667%" headers="mcps1.3.1.3.2.4.1.3 "><ul id="obs_40_0043__ul1438754418326"><li id="obs_40_0043__li143871444113218">GetBucketAcl</li></ul>
 </td>
 </tr>
 <tr id="obs_40_0043__row15428654125911"><td class="cellrowborder" valign="top" headers="mcps1.3.1.3.2.4.1.1 "><p id="obs_40_0043__p1742825465912">Write</p>
 </td>
-<td class="cellrowborder" valign="top" headers="mcps1.3.1.3.2.4.1.2 "><p id="obs_40_0043__p2429554125918">PutBucketAcl</p>
+<td class="cellrowborder" valign="top" headers="mcps1.3.1.3.2.4.1.2 "><ul id="obs_40_0043__ul5622846163210"><li id="obs_40_0043__li9622164653220">PutBucketAcl</li></ul>
 </td>
 </tr>
 </tbody>
diff --git a/docs/obs/perms-cfg/obs_40_0044.html b/docs/obs/perms-cfg/obs_40_0044.html
index 9cd0cbfb..ab346747 100644
--- a/docs/obs/perms-cfg/obs_40_0044.html
+++ b/docs/obs/perms-cfg/obs_40_0044.html
@@ -1,18 +1,18 @@
 <a name="obs_40_0044"></a><a name="obs_40_0044"></a>
 
-<h1 class="topictitle1">Granting IAM User Groups Specified Permissions on Certain OBS Folders</h1>
-<div id="body0000001128664300"><div class="section" id="obs_40_0044__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0044__p3431154410448">This topic describes how to grant certain operation permissions on specific folders in an OBS bucket to multiple IAM users or user groups.</p>
+<h1 class="topictitle1">Granting IAM User Groups Specific Permissions on a Folder</h1>
+<div id="body0000001128664300"><div class="section" id="obs_40_0044__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0044__p3431154410448">This topic describes how to grant specified permissions for a folder in an OBS bucket to multiple IAM users or user groups.</p>
 </div>
-<div class="section" id="obs_40_0044__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0044__p103657437515">IAM custom policies</p>
+<div class="section" id="obs_40_0044__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0044__p103657437515">Use an IAM custom policy to configure the permissions.</p>
 </div>
-<div class="section" id="obs_40_0044__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0044__p817120327254">After the configuration is complete, you can perform allowed operations using APIs. However, if you log in to OBS Console or OBS Browser+ to perform those operations, an error is reported indicating that you do not have required permissions.</p>
-<p id="obs_40_0044__p2095722518592">This is because when you log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0044__b109481258171710">ListAllMyBuckets</strong> and <strong id="obs_40_0044__b767019018182">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but your permissions do not cover those APIs. In such case, your access to OBS Console or OBS Browser+ is denied or your operation is not allowed.</p>
-<p id="obs_40_0044__p7807163365117">To allow IAM users to operate buckets and objects on OBS Console or OBS Browser+, add at least the <strong id="obs_40_0044__b1023814132458">obs:bucket:ListAllMyBuckets</strong> and <strong id="obs_40_0044__b423961364510">obs:bucket:ListBucket</strong> permissions to the custom policy. (In this case, these two permissions are configured in permission 2 and 3.)</p>
+<div class="section" id="obs_40_0044__section786219432319"><h4 class="sectiontitle">Precautions</h4><p id="obs_40_0044__p817120327254">After configuration, IAM users can perform allowed operations using APIs. If they log in to OBS Console or OBS Browser+ to perform those operations, a message will be displayed indicating that they do not have required permissions.</p>
+<p id="obs_40_0044__p2095722518592">This is because when they log in to OBS Console or OBS Browser+, APIs (such as <strong id="obs_40_0044__b1165119455278">ListAllMyBuckets</strong> and <strong id="obs_40_0044__b1565114512711">ListBucket</strong>) are called to load the bucket list and object list and some other APIs will also be called on other pages, but their permissions do not cover those APIs. In such case, the message is diplayed.</p>
+<p id="obs_40_0044__p7807163365117">To allow IAM users to operate buckets and objects on OBS Console or OBS Browser+, add at least the <strong id="obs_40_0044__b1023814132458">obs:bucket:ListAllMyBuckets</strong> and <strong id="obs_40_0044__b423961364510">obs:bucket:ListBucket</strong> permissions to the custom policy. (In this case, these two permissions are configured in permissions 2 and 3.)</p>
 <div class="note" id="obs_40_0044__note5566228165219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p1518015112445"><strong id="obs_40_0044__b1175714464297">obs:bucket:ListAllMyBuckets</strong> applies to all resources. You need to select all resources.</p>
 <p id="obs_40_0044__p256692825216"><strong id="obs_40_0044__b173404902917">obs:bucket:ListBucket</strong> applies only to the authorized bucket. You can select all resources or a specified bucket as needed.</p>
 </div></div>
 </div>
-<div class="section" id="obs_40_0044__section1565643713464"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0044__ol170633855216"><li id="obs_40_0044__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0044__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0044__b2096717161570">Service List</strong> &gt; <strong id="obs_40_0044__b196721655710">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0044__b6967131605713">Identity and Access Management</strong>. The IAM console is displayed.</span></li><li id="obs_40_0044__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0044__b17330625152910">Permissions</strong>.</span></li><li id="obs_40_0044__li1388483016366"><span>Click <strong id="obs_40_0044__b3955112255715">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0044__li1161395452712"><span>Configure parameters for a custom policy.</span><p><div class="fignone" id="obs_40_0044__fig61012351811"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0044__image1010283101813" src="en-us_image_0000001386340170.png"></span></div>
+<div class="section" id="obs_40_0044__section1565643713464"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0044__ol170633855216"><li id="obs_40_0044__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0044__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0044__b2096717161570">Service List</strong> &gt; <strong id="obs_40_0044__b196721655710">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0044__b6967131605713">Identity and Access Management</strong>.</span></li><li id="obs_40_0044__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0044__b17330625152910">Permissions</strong>.</span></li><li id="obs_40_0044__li1388483016366"><span>Click <strong id="obs_40_0044__b3955112255715">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0044__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0044__fig61012351811"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0044__image1010283101813" src="en-us_image_0000001386340170.png"></span></div>
 
 <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0044__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0044__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="25.25%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0044__p23757272286">Parameter</p>
 </th>
@@ -22,12 +22,12 @@
 </thead>
 <tbody><tr id="obs_40_0044__row17375102752819"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0044__p1737572772816">Policy Name</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0044__p83758278280">Name of the custom policy</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0044__p83758278280">Enter a policy name.</p>
 </td>
 </tr>
 <tr id="obs_40_0044__row1937592712288"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0044__p173753272284">Policy View</p>
 </td>
-<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0044__p17375102714285">Set this parameter based on your own habits. <strong id="obs_40_0044__b2790543214">Visual editor</strong> is used here.</p>
+<td class="cellrowborder" valign="top" width="74.75%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0044__p17375102714285">Select one based on your own habits. <strong id="obs_40_0044__b12251105612819">Visual editor</strong> is used here.</p>
 </td>
 </tr>
 <tr id="obs_40_0044__row133751227142812"><td class="cellrowborder" valign="top" width="25.25%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0044__p203751027172816">Policy Content</p>
@@ -42,7 +42,7 @@
 <p id="obs_40_0044__p1094344019260">[Permission 2] It is mandatory when an authorized user needs to perform operations on OBS Console or OBS Browser+.</p>
 <ul id="obs_40_0044__ul17943540162618"><li id="obs_40_0044__li10943104052620">Select <strong id="obs_40_0044__b195554342271">Allow</strong>.</li><li id="obs_40_0044__li9943184022620">Select <strong id="obs_40_0044__b152051737162710">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0044__li19883155554614">Select <strong id="obs_40_0044__b12933739192712">obs:bucket:ListBucket</strong> from the actions.</li><li id="obs_40_0044__li1991741116547">On the <strong id="obs_40_0044__b2116731162813">All</strong> tab, choose <strong id="obs_40_0044__b14118143182811">Specific</strong> &gt; <strong id="obs_40_0044__b3120113116285">Specify resource path</strong> to specify a bucket.<p id="obs_40_0044__p2045623815299">[Path Format]</p>
 <p id="obs_40_0044__p74565384297"><strong id="obs_40_0044__b172671627397">obs:*:*:bucket:</strong><em id="obs_40_0044__i734662053613">Bucket name</em></p>
-</li><li id="obs_40_0044__li1588752312315">On the <strong id="obs_40_0044__b17782230124419">(Optional) Add request condition</strong> tab, click <strong id="obs_40_0044__b2448123915442">Add Request Condition</strong>.<ul id="obs_40_0044__ul12427164311341"><li id="obs_40_0044__li347333313220"><strong id="obs_40_0044__b4846192444519">Condition key</strong>: Select <strong id="obs_40_0044__b124631354154516">obs:prefix</strong> from the drop-down list.</li><li id="obs_40_0044__li988010439332"><strong id="obs_40_0044__b2751199114613">Operator</strong>: Select <strong id="obs_40_0044__b1560329114613">StringStartWith</strong> from the drop-down list.</li><li id="obs_40_0044__li1167275203417"><strong id="obs_40_0044__en-us_topic_0104029905_b33832910436">Value</strong>: <em id="obs_40_0044__en-us_topic_0104029905_en-us_topic_0101094788_i102251116161316">Folder name</em><strong id="obs_40_0044__b15352191112476">/</strong></li></ul>
+</li><li id="obs_40_0044__li1588752312315">On the <strong id="obs_40_0044__b17782230124419">(Optional) Add request condition</strong> tab, click <strong id="obs_40_0044__b2448123915442">Add Request Condition</strong>.<ul id="obs_40_0044__ul12427164311341"><li id="obs_40_0044__li347333313220"><strong id="obs_40_0044__b4846192444519">Condition key</strong>: Select <strong id="obs_40_0044__b124631354154516">obs:prefix</strong> from the drop-down list.</li><li id="obs_40_0044__li988010439332"><strong id="obs_40_0044__b2751199114613">Operator</strong>: Select <strong id="obs_40_0044__b1560329114613">StringMatch</strong> from the drop-down list.</li><li id="obs_40_0044__li1167275203417"><strong id="obs_40_0044__en-us_topic_0104029905_b33832910436">Value</strong>: <em id="obs_40_0044__en-us_topic_0104029905_en-us_topic_0101094788_i102251116161316">Folder name</em><strong id="obs_40_0044__b15352191112476">/</strong></li></ul>
 <p id="obs_40_0044__p10505450163414">[Notes]</p>
 <p id="obs_40_0044__p4861328352">If you want a user to have only the permission to list a folder in the bucket, add a request condition for action <strong id="obs_40_0044__b2027203614487">obs:bucket:ListBucket</strong>. <strong id="obs_40_0044__b789255075811">prefix</strong> is included in the request for listing objects in a bucket. In this way, when you specify <strong id="obs_40_0044__b1932193919597">prefix</strong> to list objects whose names start with <em id="obs_40_0044__i174551427143719">Folder name</em><strong id="obs_40_0044__b156943360360">/</strong>, the objects in the bucket can be listed.</p>
 </li></ul>
@@ -58,16 +58,16 @@
 </tbody>
 </table>
 </div>
-</p></li><li id="obs_40_0044__li1293324623719"><span>Click <strong id="obs_40_0044__b32951079577">OK</strong>. The custom policy is created.</span></li><li id="obs_40_0044__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0044__p1312812258417">Add the created custom policy to the user group by following the instructions in the IAM document.</p>
-</p></li><li id="obs_40_0044__li12273529113919"><span>Add the IAM user you want to authorize to the created user group by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Creating a User and Adding the User to a User Group</a>.</span><p><div class="note" id="obs_40_0044__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.</p>
+</p></li><li id="obs_40_0044__li1293324623719"><span>Click <strong id="obs_40_0044__b165709613316">OK</strong>.</span></li><li id="obs_40_0044__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0044__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
+</p></li><li id="obs_40_0044__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0044__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
 </div></div>
 </p></li></ol>
 </div>
-<div class="section" id="obs_40_0044__section15823527415"><h4 class="sectiontitle">Verification</h4><ol id="obs_40_0044__ol5278184513146"><li id="obs_40_0044__li027864581416"><span>Log in to OBS Console as an IAM user.</span></li><li id="obs_40_0044__li187691522131319"><span>In the bucket list, click bucket <strong id="obs_40_0044__b1120725410174">example-002</strong> to go to the overview page.</span><p><div class="note" id="obs_40_0044__note1582471119493"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p78251911174916">After the configuration is complete, it is normal if the system still displays a message indicating that you do not have required permissions, because OBS Console also calls other APIs for advanced settings, but you can still perform the operations allowed on the folder.</p>
+<div class="section" id="obs_40_0044__section15823527415"><h4 class="sectiontitle">Verification</h4><ol id="obs_40_0044__ol5278184513146"><li id="obs_40_0044__li027864581416"><span>Log in to OBS Console as an IAM user.</span></li><li id="obs_40_0044__li187691522131319"><span>In the bucket list, click bucket <strong id="obs_40_0044__b1120725410174">example-002</strong> to go to the <strong id="obs_40_0044__b860791133215">Overview</strong> page.</span><p><div class="note" id="obs_40_0044__note1582471119493"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p78251911174916">After the configuration is complete, it is normal if the system still displays a message indicating that you do not have required permissions, because OBS Console also calls other APIs for advanced settings, but you can still perform the operations allowed on the folder.</p>
 </div></div>
-</p></li><li id="obs_40_0044__li11765154017509"><span>In the navigation pane, select <strong id="obs_40_0044__b430811332119">Objects</strong>. It is normal that a message indicating no permission is displayed and no object can be viewed.</span><p><div class="note" id="obs_40_0044__note3156142165415"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p141561321195411">The reason why there is no required permission is that listing objects on OBS Console is to list objects in the root folder. This rule does not match the configured custom policy for listing objects in folder <strong id="obs_40_0044__b13188125619298">folder-001/</strong>.</p>
+</p></li><li id="obs_40_0044__li11765154017509"><span>In the navigation pane, select <strong id="obs_40_0044__b430811332119">Objects</strong>. If a message indicating no sufficient is available and no object can be viewed, ignore the message and continue with the operations.</span><p><div class="note" id="obs_40_0044__note3156142165415"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p141561321195411">The reason why there is no required permission is that listing objects on OBS Console is to list objects in the root folder. This is different from the configured custom policy (listing objects in folder <strong id="obs_40_0044__b13188125619298">folder-001/</strong>).</p>
 </div></div>
-</p></li><li id="obs_40_0044__li7706170175111"><span>In the search box, enter <strong id="obs_40_0044__b1593118142616">folder-001/</strong> to view the list of objects in <strong id="obs_40_0044__b182861144132616">folder-001</strong>. Objects <strong id="obs_40_0044__b1273081272711">222.txt</strong> and <strong id="obs_40_0044__b18722131532719">111.txt</strong> are displayed.</span></li><li id="obs_40_0044__li584842925718"><span>Click <strong id="obs_40_0044__b12655185116331">Create Folder</strong> to create folder <strong id="obs_40_0044__b185938552336">folder-002</strong>.</span></li><li id="obs_40_0044__li1629212395918"><span>Click <strong id="obs_40_0044__b587712754116">Upload Object</strong> to upload file <strong id="obs_40_0044__b11764182154111">333.txt</strong>.</span><p><div class="note" id="obs_40_0044__note127411448185420"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p137411348205417">If some other permissions are required, hover your cursor over the username and choose <strong id="obs_40_0044__b1419118113463">Identity and Access Management</strong> &gt; <strong id="obs_40_0044__b16592553462">Permissions</strong>, and then repeat the operations above to configure custom policies as needed.</p>
+</p></li><li id="obs_40_0044__li7706170175111"><span>In the search box, enter <strong id="obs_40_0044__b1593118142616">folder-001/</strong> to view the list of objects in <strong id="obs_40_0044__b182861144132616">folder-001</strong>. Objects <strong id="obs_40_0044__b1273081272711">222.txt</strong> and <strong id="obs_40_0044__b18722131532719">111.txt</strong> are displayed.</span></li><li id="obs_40_0044__li584842925718"><span>Click <strong id="obs_40_0044__b12655185116331">Create Folder</strong> to create folder <strong id="obs_40_0044__b185938552336">folder-002</strong>.</span></li><li id="obs_40_0044__li1629212395918"><span>Click <strong id="obs_40_0044__b587712754116">Upload Object</strong> to upload file <strong id="obs_40_0044__b11764182154111">333.txt</strong>.</span><p><div class="note" id="obs_40_0044__note127411448185420"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0044__p137411348205417">If some other permissions are required, hover over the username and choose <strong id="obs_40_0044__b1419118113463">Identity and Access Management</strong> &gt; <strong id="obs_40_0044__b16592553462">Permissions</strong>, and then repeat the operations above to configure custom policies as needed.</p>
 </div></div>
 </p></li></ol>
 </div>