doc-exports/docs/obs/perms-cfg/obs_40_0031.html
zhangyue 32b9354795 OBS PERMS DOC
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-04-18 07:48:10 +00:00


<a name="obs_40_0031"></a><a name="obs_40_0031"></a>
<h1 class="topictitle1">Granting Anonymous Users Public Read Permissions on a Bucket</h1>
<div id="body1588765301379"><div class="section" id="obs_40_0031__section142631357463"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0031__p15459915718">If a bucket needs to be accessed by anonymous users, you can configure a bucket policy and bucket ACL to grant the access permission to anonymous users. The following uses a bucket policy as an example.</p>
</div>
<div class="section" id="obs_40_0031__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0031__p1436151622312">The <strong id="obs_40_0031__b175608381563">Public Read</strong> policy allows any user to read objects in a bucket. <strong id="obs_40_0031__b17891815245">Public Read</strong> has the following permissions:</p>
<ul id="obs_40_0031__ul979910296419"><li id="obs_40_0031__li979902918414">GetObject: downloading objects</li><li id="obs_40_0031__li2079952914417">GetObjectVersion: downloading versioned objects</li><li id="obs_40_0031__li2079918294411">HeadBucket: checking whether a bucket exists</li><li id="obs_40_0031__li107991329549">ListBucket: listing objects in a bucket and obtaining the bucket metadata<div class="note" id="obs_40_0031__note171618381482"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0031__p101623854811">When you access a bucket through its domain name, the ListBucket permission allows you to list all objects in the bucket. If you want to restrict this permission to specified users under an account, see <a href="#obs_40_0031__section191491712418">Related Scenario: Canceling the ListBucket Permission from the Public Read Policy</a>.</p>
</div></div>
</li></ul>
</div>
<div class="section" id="obs_40_0031__section68804531942"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0031__ol1570512004013"><li id="obs_40_0031__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0031__b160151135915">Object Storage</strong>.</span></li><li id="obs_40_0031__li143061822104011"><span>In the bucket list, click the name of the bucket you want to configure to go to the <strong id="obs_40_0031__b10742152483810">Overview</strong> page.</span></li><li id="obs_40_0031__li125741927104010"><span>In the navigation pane, choose <strong id="obs_40_0031__b162092054144616">Permissions</strong>.</span></li><li id="obs_40_0031__li179542323403"><span>On the <strong id="obs_40_0031__b42597237711">Bucket Policies</strong> tab page, select the <strong id="obs_40_0031__b598162894">Public Read</strong> policy for the bucket in the <strong id="obs_40_0031__b13341122995">Standard Bucket Policies</strong> area.</span><p><div class="fignone" id="obs_40_0031__fig47171574453"><span class="figcap"><b>Figure 1 </b>Granting public read permissions on buckets to anonymous users</span><br><span><img id="obs_40_0031__image1972015576455" src="en-us_image_0000001436305909.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="obs_40_0031__section6487417124"><h4 class="sectiontitle">Verification</h4><ol id="obs_40_0031__ol2572461220"><li id="obs_40_0031__li155714141220"><span>After the permission is set, in the <strong id="obs_40_0031__b6691112521111">Basic Information </strong>area of the bucket details page, locate <strong id="obs_40_0031__b1092919328113">Access Domain Name</strong>. Share the URL of the access domain name over the Internet so that all Internet users can access the bucket.</span></li><li id="obs_40_0031__li18579413121"><span>On the <strong id="obs_40_0031__b5887104421216">Objects</strong> tab page of the bucket, click the target object name and find the object link. Share the object link over the Internet so that all Internet users can access the object.</span></li></ol>
</div>
<div class="section" id="obs_40_0031__section191491712418"><a name="obs_40_0031__section191491712418"></a><a name="section191491712418"></a><h4 class="sectiontitle">Related Scenario: Canceling the ListBucket Permission from the Public Read Policy</h4><p id="obs_40_0031__p56019208246">If you want to restrict the ListBucket permission to specified users under an account, you need to configure another bucket policy.</p>
<ol id="obs_40_0031__ol170633855216"><li id="obs_40_0031__li659013400614"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0031__b55115455918">Object Storage</strong>.</span></li><li id="obs_40_0031__li11242915363"><span>In the bucket list, click the name of the bucket you want to configure to go to the <strong id="obs_40_0031__b2049817312386">Overview</strong> page.</span></li><li id="obs_40_0031__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0031__b9424181334719">Permissions</strong>.</span></li><li id="obs_40_0031__li49461065486"><span>On the <strong id="obs_40_0031__b9734530112714">Bucket Policies</strong> page, click <strong id="obs_40_0031__b3734163017278">Create Bucket Policy</strong> under <strong id="obs_40_0031__b13735103020272">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0031__li1470617571214"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0031__fig163820984812"><span class="figcap"><b>Figure 2 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0031__image46401934816" src="en-us_image_0000001436265909.png"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0031__table3706135201215" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0031__row2070620591220"><th align="left" class="cellrowborder" valign="top" width="23.72%" id="mcps1.3.5.3.5.2.2.2.3.1.1"><p id="obs_40_0031__p1770714531211">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="76.28%" id="mcps1.3.5.3.5.2.2.2.3.1.2"><p id="obs_40_0031__p47078561217">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_40_0031__row3707105161213"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p1270710541217">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0031__p1070720571218">Select <strong id="obs_40_0031__b138081140121918">Customized</strong>.</p>
</td>
</tr>
<tr id="obs_40_0031__row0282443111316"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p1528214351316">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0031__p628264361310">Select <strong id="obs_40_0031__b16649173421917">Deny</strong>.</p>
</td>
</tr>
<tr id="obs_40_0031__row27071453128"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p9707195171215">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><div class="p" id="obs_40_0031__p6494105119184">Select <strong id="obs_40_0031__b191115411198">Exclude</strong>.<ul id="obs_40_0031__ul480721115180"><li id="obs_40_0031__li1024761941819">Select <strong id="obs_40_0031__b1294415814519">Cloud service user</strong>.</li><li id="obs_40_0031__li4245545161814"><strong id="obs_40_0031__b5401347104513">Account ID</strong>: Enter <strong id="obs_40_0031__b187851783471">*</strong> to indicate all anonymous users.</li><li id="obs_40_0031__li1703812151919"><strong id="obs_40_0031__b9747912195018">User ID</strong>: Enter one or more user IDs separated by a comma (,).</li></ul>
</div>
</td>
</tr>
<tr id="obs_40_0031__row187079581216"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p47071520126">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><p id="obs_40_0031__p134612281416">Select <strong id="obs_40_0031__b846133113818">Include</strong> &gt; <strong id="obs_40_0031__b164753317383">Entire bucket</strong>.</p>
</td>
</tr>
<tr id="obs_40_0031__row16898181610148"><td class="cellrowborder" valign="top" width="23.72%" headers="mcps1.3.5.3.5.2.2.2.3.1.1 "><p id="obs_40_0031__p989841691413">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="76.28%" headers="mcps1.3.5.3.5.2.2.2.3.1.2 "><ul id="obs_40_0031__ul48235222144"><li id="obs_40_0031__li1182312214143"><strong id="obs_40_0031__b5333242143817">Include</strong></li><li id="obs_40_0031__li04383583015"><strong id="obs_40_0031__b15385194483811">Action Name</strong>:<ul id="obs_40_0031__ul7641371302"><li id="obs_40_0031__li1533815258143">ListBucket</li></ul>
</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_40_0031__li1940154881411"><span>Click <strong id="obs_40_0031__b3538154817386">OK</strong>. The bucket policy is created.</span></li></ol>
<p id="obs_40_0031__p20864640131817"><strong id="obs_40_0031__b1441511883919">Verification</strong>: After the permission is set, in the <strong id="obs_40_0031__b1782519507385">Basic Information</strong> area of the bucket details page, locate <strong id="obs_40_0031__b18826165073818">Access Domain Name</strong>. Publish the URL on the Internet, and verify that only specified users can list objects in the bucket.</p>
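<p>The combined effect of the <strong>Public Read</strong> policy and the Deny statement from Table 1 can be checked with a small model. This is an added example, not OBS code and not part of the original procedure: the function names and the user ID are hypothetical, it assumes an explicit Deny overrides an Allow, and it ignores the Resources field because both policies cover the entire bucket.</p>

```python
# Added illustration (hypothetical names); not OBS code. Assumes explicit Deny wins.
ANONYMOUS = "*"  # the page enters * to mean all anonymous users

# Public Read, as listed under "Configuration Precautions".
PUBLIC_READ = {
    "effect": "Allow",
    "principal": {ANONYMOUS},
    "actions": {"GetObject", "GetObjectVersion", "HeadBucket", "ListBucket"},
}


def deny_list_except(user_ids):
    """Table 1: Effect=Deny, Principal=Exclude <user IDs>, Action=ListBucket."""
    return {"effect": "Deny", "not_principal": set(user_ids),
            "actions": {"ListBucket"}}


def _matches(stmt, caller, action):
    """True if the statement applies to this caller (None = anonymous) and action."""
    if action not in stmt["actions"]:
        return False
    if "not_principal" in stmt:          # Exclude: applies to everyone NOT listed
        return caller not in stmt["not_principal"]
    return ANONYMOUS in stmt["principal"] or caller in stmt["principal"]


def is_allowed(statements, caller, action):
    """Default deny; any matching Deny overrides any matching Allow."""
    effects = {s["effect"] for s in statements if _matches(s, caller, action)}
    return "Allow" in effects and "Deny" not in effects


def anonymous_exposure(statements):
    """Actions an unauthenticated caller is effectively granted."""
    actions = set().union(*(s["actions"] for s in statements))
    return {a for a in actions if is_allowed(statements, None, a)}


if __name__ == "__main__":
    trusted = "user-id-placeholder"      # constructed value, not a real user ID
    before = [PUBLIC_READ]
    after = [PUBLIC_READ, deny_list_except([trusted])]
    print("anonymous, Public Read only:", sorted(anonymous_exposure(before)))
    print("anonymous, with Deny rule  :", sorted(anonymous_exposure(after)))
    print("trusted user can list      :", is_allowed(after, trusted, "ListBucket"))
```

<p>With only Public Read in place, the anonymous exposure set includes ListBucket; after the Deny statement is added it shrinks to the three object and bucket-existence actions, while the excluded user can still list.</p>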
</div>
</div>