doc-exports/docs/obs/umn/obs_03_0081.html
zhangyue b55201d729 OBS UMN DOC
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-03-18 15:39:30 +00:00


<a name="obs_03_0081"></a>
<h1 class="topictitle1">Granting Other Accounts Permissions to Operate a Specific Bucket</h1>
<div id="body1557026128761"><p id="obs_03_0081__p1919519475574">The bucket owner (root account), or any other account or IAM user that has permission to set bucket policies, can configure a bucket policy to grant bucket operation permissions to other accounts or to IAM users under other accounts.</p>
<p id="obs_03_0081__p2058382155214">The following example shows how to grant other accounts bucket access and object upload permissions.</p>
<div class="note" id="obs_03_0081__note13614125415289"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0081__p10614165402811">To grant permissions to IAM users under other accounts, you need to configure both bucket policies and <span id="obs_03_0081__ph16990133392417">IAM policies</span>.</p>
<ol id="obs_03_0081__ol7853716103516"><li id="obs_03_0081__li685301693514">Configure a bucket policy to allow the IAM users to access the bucket.</li><li id="obs_03_0081__li888244323516">Configure <span id="obs_03_0081__ph135373523355">IAM policies</span> in the account to which the authorized IAM users belong, to allow the IAM users to access the bucket.</li></ol>
<p id="obs_03_0081__p1345162763720">Only permissions that are allowed by both the bucket policy and the <span id="obs_03_0081__ph5939236183712">IAM policies</span> take effect.</p>
</div></div>
<div class="section" id="obs_03_0081__section435994418812"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0081__ol549119194012"><li id="obs_03_0081__li99821455306"><span>In the bucket list, click the bucket you want to operate on. The <strong id="obs_03_0081__obs_03_0307_b144421021120">Overview</strong> page is displayed.</span></li><li id="obs_03_0081__li13508181724617"><span>In the navigation pane, choose <strong id="obs_03_0081__obs_03_0142_b2055212481903">Permissions</strong>.</span></li><li id="obs_03_0081__li8120153165517"><span>Choose <strong id="obs_03_0081__b942110816513">Bucket Policies</strong> &gt; <strong id="obs_03_0081__b7422287515">Custom Bucket Policies</strong>.</span></li><li id="obs_03_0081__li81441540133419"><span>Click <strong id="obs_03_0081__b111286107515">Create Bucket Policy</strong>. The <strong id="obs_03_0081__b14129191013513">Create Bucket Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0081__li17931032163517"><span>Configure the parameters listed in the table below to grant other accounts the bucket access permission.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0081__table7531653104420" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for granting bucket access permission</caption><thead align="left"><tr id="obs_03_0081__row2532105311447"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.5.2.1.2.3.1.1"><p id="obs_03_0081__p16532195364414">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.5.2.1.2.3.1.2"><p id="obs_03_0081__p15532145310443">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0081__row953216536449"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p1653265344417">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><p id="obs_03_0081__p95328538440"><strong id="obs_03_0081__b173011935194310">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row16532753114417"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p353219537448">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><p id="obs_03_0081__p5532353104418"><strong id="obs_03_0081__b19922174264316">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row115321753164415"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p1553215538449">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><ul id="obs_03_0081__ul136938242519"><li id="obs_03_0081__li969532495111"><strong id="obs_03_0081__b187704534318">Include</strong></li><li id="obs_03_0081__li269712369202"><strong id="obs_03_0081__b158058444417">Cloud service user</strong>. Select <strong id="obs_03_0081__b132601515104417">Other account</strong>, and enter the account ID and user ID.<p id="obs_03_0081__p75419201471">For <strong id="obs_03_0081__b12590151316220">Account ID</strong>, enter the <strong id="obs_03_0081__b112021124529">Domain ID</strong> that can be found on the <strong id="obs_03_0081__b145225442027">My Credential</strong> page.</p>
</li></ul>
</td>
</tr>
<tr id="obs_03_0081__row653285374414"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p753212538444">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><ul id="obs_03_0081__ul964933612542"><li id="obs_03_0081__li564933617545"><strong id="obs_03_0081__b1366645434417">Include</strong></li><li id="obs_03_0081__li13501734155919">Leave it blank.</li></ul>
</td>
</tr>
<tr id="obs_03_0081__row18790945165418"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.1 "><p id="obs_03_0081__p12791194519544">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.5.2.1.2.3.1.2 "><ul id="obs_03_0081__ul815102155519"><li id="obs_03_0081__li161522195512"><strong id="obs_03_0081__b9707759204411">Include</strong></li><li id="obs_03_0081__li13801149553">ListBucket</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0081__li20063255511"><span>Click <strong id="obs_03_0081__b7811522458">OK</strong>.</span></li><li id="obs_03_0081__li664901415562"><span>Click <strong id="obs_03_0081__b147417384518">Create Bucket Policy</strong>. The <strong id="obs_03_0081__b274212354520">Create Bucket Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0081__li16621126135610"><span>Configure the parameters listed in the table below to grant other accounts the object upload permission:</span><p><div class="note" id="obs_03_0081__note5130172785715"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0081__p20130152735713">Before granting this permission to a user, ensure that the user has the permission to access the bucket.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0081__table566311261565" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for granting permission to upload objects</caption><thead align="left"><tr id="obs_03_0081__row16664826175610"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.8.2.2.2.3.1.1"><p id="obs_03_0081__p1466442615612">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.8.2.2.2.3.1.2"><p id="obs_03_0081__p1466516269566">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0081__row12665142619562"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p36664266562">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><p id="obs_03_0081__p14666152615562"><strong id="obs_03_0081__b16452350144517">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row3667132613567"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p1866732655612">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><p id="obs_03_0081__p966982619569"><strong id="obs_03_0081__b34165604519">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0081__row666915260561"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p8670112635619">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><ul id="obs_03_0081__ul1670726135620"><li id="obs_03_0081__li1567162695619"><strong id="obs_03_0081__b67530576453">Include</strong></li><li id="obs_03_0081__li15319185511214"><strong id="obs_03_0081__b4659916460">Cloud service user</strong>. Select <strong id="obs_03_0081__b176616114616">Other account</strong>, and enter the account ID and user ID.<p id="obs_03_0081__p12751112924814">For <strong id="obs_03_0081__b163385912319">Account ID</strong>, enter the <strong id="obs_03_0081__b0339491037">Domain ID</strong> that can be found on the <strong id="obs_03_0081__b163391491434">My Credential</strong> page.</p>
</li></ul>
</td>
</tr>
<tr id="obs_03_0081__row126721226135618"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p0673122685615">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><ul id="obs_03_0081__ul11674152619564"><li id="obs_03_0081__li1067452605618"><strong id="obs_03_0081__b929562318466">Include</strong></li><li id="obs_03_0081__li167318513586">Resource name: <strong id="obs_03_0081__b925182454617">*</strong></li></ul>
</td>
</tr>
<tr id="obs_03_0081__row167522618569"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.1 "><p id="obs_03_0081__p1367692611568">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.8.2.2.2.3.1.2 "><ul id="obs_03_0081__ul176761226135619"><li id="obs_03_0081__li11676142635613"><strong id="obs_03_0081__b517511270469">Include</strong></li><li id="obs_03_0081__li1567672613569">PutObject</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0081__li9679192645612"><span>Click <strong id="obs_03_0081__b11365193111469">OK</strong>.</span></li></ol>
</div>
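<p>The two statements configured in Table 1 and Table 2, written out as policy JSON and checked before use, as an added example that is not part of the original OBS documentation. It assumes the OBS bucket policy JSON layout (Statement, Effect, Principal.ID, Action, Resource); the bucket name, the IDs and the Sid values are placeholders, and the audit rules and the intersection in <code>effective()</code> are a simplified model of the two notes above.</p>

```python
import json

BUCKET = "example-bucket"                  # placeholder bucket name
GRANTEE = "domain/DOMAIN_ID:user/USER_ID"  # placeholder account (domain) ID and user ID

def build_policy(bucket, grantee):
    """Two Allow statements mirroring Table 1 (ListBucket) and Table 2 (PutObject)."""
    def stmt(sid, action, resource):
        return {"Sid": sid, "Effect": "Allow", "Principal": {"ID": [grantee]},
                "Action": [action], "Resource": [resource]}
    # Assumption: a blank Resources field means the bucket itself, "*" means bucket/*.
    return {"Statement": [stmt("list-bucket", "ListBucket", bucket),
                          stmt("upload-objects", "PutObject", bucket + "/*")]}

def principals(stmt):
    p = stmt.get("Principal", {})
    return ["*"] if p == "*" else list(p.get("ID", []))

def allowed_actions(policy, who):
    """Actions the bucket policy allows for one principal (Allow statements only)."""
    return {a for s in policy["Statement"]
            if s.get("Effect") == "Allow" and (who in principals(s) or "*" in principals(s))
            for a in s.get("Action", [])}

def audit(policy):
    """Flag grants that are wider than this procedure intends."""
    findings = []
    for s in policy["Statement"]:
        if s.get("Effect") != "Allow":
            continue
        sid = s.get("Sid", "?")
        if "*" in principals(s):
            findings.append(f"{sid}: principal is a wildcard, not a named account/user")
        if any("*" in a for a in s.get("Action", [])):
            findings.append(f"{sid}: wildcard action")
        for who in principals(s):
            if "PutObject" in s.get("Action", []) and \
               "ListBucket" not in allowed_actions(policy, who):
                findings.append(f"{sid}: {who} can upload but has no bucket access grant")
    return findings

def effective(policy, who, iam_allowed):
    """An action takes effect only if bucket policy and IAM policy both allow it."""
    return allowed_actions(policy, who) & set(iam_allowed)

if __name__ == "__main__":
    policy = build_policy(BUCKET, GRANTEE)
    print(json.dumps(policy, indent=2))
    print(audit(policy), effective(policy, GRANTEE, {"ListBucket"}))
```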
</div>