doc-exports/docs/obs/perms-cfg/obs_40_0031.html
zhangyue 32b9354795 OBS PERMS DOC
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-04-18 07:48:10 +00:00


Granting Anonymous Users Public Read Permissions on a Bucket

Scenario

If a bucket needs to be accessed by anonymous users, you can configure a bucket policy and bucket ACL to grant the access permission to anonymous users. The following uses a bucket policy as an example.

Configuration Precautions

The Public Read policy allows any user to read objects in a bucket. Public Read grants the following permissions:

  • GetObject: downloading objects
  • GetObjectVersion: downloading versioned objects
  • HeadBucket: checking whether a bucket exists
  • ListBucket: listing objects in a bucket and obtaining the bucket metadata

    When you access a bucket through its domain name, the ListBucket permission allows you to list all objects in the bucket. If you want to restrict this permission to specified users under an account, see Related Scenario: Canceling the ListBucket Permission from the Public Read Policy.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the name of the target bucket to go to its Overview page.
  3. In the navigation pane, choose Permissions.
  4. On the Bucket Policies tab page, select the Public Read policy for the bucket in the Standard Bucket Policies area.

    Figure 1 Granting public read permissions on buckets to anonymous users

Verification

  1. After the permission is set, in the Basic Information area of the bucket details page, locate Access Domain Name. Share the URL of the access domain name over the Internet so that all Internet users can access the bucket.
  2. On the Objects tab page of the bucket, click the target object name and find the object link. Share the object link over the Internet so that all Internet users can access the object.

Related Scenario: Canceling the ListBucket Permission from the Public Read Policy

If you want to restrict the ListBucket permission to specified users under an account, you need to configure another bucket policy.

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the name of the target bucket to go to its Overview page.
  3. In the navigation pane, choose Permissions.
  4. On the Bucket Policies page, click Create Bucket Policy under Custom Bucket Policies.
  5. Configure parameters for a bucket policy.

    Figure 2 Configuring parameters for a bucket policy
    Table 1 Parameters for creating a bucket policy

    Parameter      Description
    Policy Mode    Select Customized.
    Effect         Select Deny.
    Principal      Select Exclude.
                   • Select Cloud service user.
                   • Account ID: Enter * to indicate all anonymous users.
                   • User ID: Enter one or more user IDs separated by a comma (,).
    Resources      Select Include > Entire bucket.
    Actions        • Include
                   • Action Name:
                     • ListBucket

  6. Click OK. The bucket policy is created.

Verification: After the permission is set, in the Basic Information area of the bucket details page, locate Access Domain Name. Publish the URL on the Internet, and verify that only specified users can list objects in the bucket.
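
The following is an added example, not part of the original documentation and not OBS code. It is a simplified Python model of how the Public Read policy and the custom Deny policy from Table 1 combine, assuming that an explicit Deny overrides an Allow and that a request matching no policy is denied. The user IDs user-a and user-b are constructed placeholders.

```python
# Simplified model of bucket policy evaluation (an assumption for illustration,
# not the OBS implementation): explicit Deny beats Allow, no match means deny.
ANYONE = "*"      # wildcard principal
ANONYMOUS = None  # requester that presents no credentials

# Standard Public Read policy, with the actions listed under Configuration Precautions.
PUBLIC_READ = {
    "effect": "Allow",
    "principals": {ANYONE},
    "exclude": False,
    "actions": {"GetObject", "GetObjectVersion", "HeadBucket", "ListBucket"},
}

def deny_list_except(user_ids):
    """Custom policy from Table 1: Effect=Deny, Principal=Exclude, Action=ListBucket."""
    return {
        "effect": "Deny",
        "principals": set(user_ids),  # the only users exempt from the Deny
        "exclude": True,
        "actions": {"ListBucket"},
    }

def applies(policy, user, action):
    """True if the policy covers this requester and action."""
    if action not in policy["actions"]:
        return False
    named = ANYONE in policy["principals"] or user in policy["principals"]
    # An Exclude policy covers everyone who is NOT named in it.
    return named != policy["exclude"]

def is_allowed(policies, user, action):
    effects = [p["effect"] for p in policies if applies(p, user, action)]
    return "Deny" not in effects and "Allow" in effects

def access_matrix(policies, users, actions=("GetObject", "ListBucket")):
    return {(u, a): is_allowed(policies, u, a) for u in users for a in actions}

if __name__ == "__main__":
    users = [ANONYMOUS, "user-a", "user-b"]  # constructed sample requesters
    before = [PUBLIC_READ]
    after = [PUBLIC_READ, deny_list_except(["user-a"])]
    for label, policies in (("Public Read only", before), ("with Deny policy", after)):
        print(label)
        for (user, action), ok in access_matrix(policies, users).items():
            print(f"  {user or 'anonymous':10} {action:11} {'allow' if ok else 'deny'}")
```

In this model the Deny policy removes ListBucket from every requester not named under User ID, including authenticated users such as user-b, while anonymous GetObject through a shared object link keeps working.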