doc-exports/docs/obs/perms-cfg/obs_40_0020.html

<a name="obs_40_0020"></a><a name="obs_40_0020"></a>

<h1 class="topictitle1">Granting IAM User Groups All Permissions on All OBS Resources</h1>
<div id="body1588765301379"><div class="section" id="obs_40_0020__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0020__p3431154410448">This topic describes how to grant multiple IAM users or user groups all permissions on all OBS resources. Users with this permission can perform any operations on OBS.</p>
</div>
<div class="section" id="obs_40_0020__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0020__p103657437515">Use an IAM custom policy to configure the permissions.</p>
</div>
<div class="section" id="obs_40_0020__section1976313561854"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0020__ol170633855216"><li id="obs_40_0020__li10432131493113"><span>Log in to the management console using a cloud service account.</span></li><li id="obs_40_0020__li625685643115"><span>On the top menu bar, choose <strong id="obs_40_0020__b13023912502">Service List</strong> &gt; <strong id="obs_40_0020__b70123914501">Management &amp; Deployment</strong> &gt; <strong id="obs_40_0020__b3003912507">Identity and Access Management</strong>.</span></li><li id="obs_40_0020__li1848615103345"><span>In the navigation pane, choose <strong id="obs_40_0020__b857015426257">Permissions</strong>.</span></li><li id="obs_40_0020__li1388483016366"><span>Click <strong id="obs_40_0020__b22623504509">Create Custom Policy</strong> in the upper right corner.</span></li><li id="obs_40_0020__li1161395452712"><span>Configure a custom policy.</span><p><div class="fignone" id="obs_40_0020__fig313442114368"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_40_0020__image10136182117366" src="en-us_image_0000001385530212.png"></span></div>

<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0020__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for configuring a custom policy</caption><thead align="left"><tr id="obs_40_0020__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="25.03%" id="mcps1.3.3.2.5.2.2.2.3.1.1"><p id="obs_40_0020__p23757272286"><strong id="obs_40_0020__b19681602982500">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="74.97%" id="mcps1.3.3.2.5.2.2.2.3.1.2"><p id="obs_40_0020__p63751027152820"><strong id="obs_40_0020__b14830039312500">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="obs_40_0020__row17375102752819"><td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0020__p1737572772816">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0020__p83758278280">Enter a policy name.</p>
</td>
</tr>
<tr id="obs_40_0020__row1937592712288"><td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0020__p173753272284">Policy View</p>
</td>
<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0020__p17375102714285">Select one based on your own habits. <strong id="obs_40_0020__b1273193318012">Visual editor</strong> is used here.</p>
</td>
</tr>
<tr id="obs_40_0020__row133751227142812"><td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0020__p203751027172816">Policy Content</p>
</td>
<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0020__ul312618263319"><li id="obs_40_0020__li112652673110">Select <strong id="obs_40_0020__b18087875182500">Allow</strong>.</li><li id="obs_40_0020__li1952919359">Select <strong id="obs_40_0020__b16189141452500">Object Storage Service (OBS)</strong>.</li><li id="obs_40_0020__li813512281313">Select all actions.</li><li id="obs_40_0020__li024173143415">Select <strong id="obs_40_0020__b4187125719113">All</strong> for resources.</li></ul>
</td>
</tr>
<tr id="obs_40_0020__row9382150135118"><td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0020__p83756273285">Scope</p>
</td>
<td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0020__p1037542711283">The default value is <strong id="obs_40_0020__b9312338516">Global services</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_40_0020__li1293324623719"><span>Click <strong id="obs_40_0020__b142262522328">OK</strong>.</span></li><li id="obs_40_0020__li81339157389"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a>.</span><p><p id="obs_40_0020__p1312812258417">Apply the created custom policy to the user group by following the instructions in the IAM document.</p>
</p></li><li id="obs_40_0020__li12273529113919"><span><a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Add the IAM user you want to authorize to the created user group</a>.</span><p><div class="note" id="obs_40_0020__note1402619155515"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0020__p37253183814">Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect.</p>
</div></div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0019.html">Granting Permissions to Multiple IAM Users or User Groups Under the Account</a></div>
</div>
</div>