vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/umn/obs_03_0136.html
zhangyue b55201d729 OBS UMN DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-03-18 15:39:30 +00:00

89 lines
11 KiB
HTML
Raw Blame History

<a name="obs_03_0136"></a><a name="obs_03_0136"></a>
<h1 class="topictitle1">Application Example 3: Authorizing Access Permissions Required for Adding an External Bucket Through the Custom Bucket Policy</h1>
<div id="body1557194771183"><p id="obs_03_0136__p4815145652014">A custom bucket policy can be used to grant the read and write access permissions to the bucket to be added.</p>
<p id="obs_03_0136__p172844161315">If a custom bucket policy is used to authorize such permissions, the ListBucket, GetObject, and GetObjectVersion actions must be allowed. More actions can be allowed according to your actual needs.</p>
<div class="section" id="obs_03_0136__section9799102151917"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0136__ol430282901616"><li id="obs_03_0136__li93021529111613"><span>Log in to OBS Console.</span></li><li id="obs_03_0136__li99821455306"><span>In the bucket list, click the bucket you want to operate. The <strong id="obs_03_0136__obs_03_0307_b144421021120">Overview</strong> page is displayed.</span></li><li id="obs_03_0136__li51927620"><span>In the navigation pane on the left, click <strong id="obs_03_0136__obs_03_0134_b12922143915198">Permissions</strong> to go to the permission management page.</span></li><li id="obs_03_0136__li38201242113212"><span>In the <strong id="obs_03_0136__b1897929203810">Custom Bucket Policies</strong> area, click <strong id="obs_03_0136__b12658181515388">Create Bucket Policy</strong>. The <strong id="obs_03_0136__b123217207386">Create Bucket Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0136__li17931032163517"><span>Set the following parameters to authorize another account with the permission to access the bucket:</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0136__table7531653104420" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for authorizing the permission to access a specified bucket</caption><thead align="left"><tr id="obs_03_0136__row2532105311447"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.5.2.1.2.3.1.1"><p id="obs_03_0136__p16532195364414">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.5.2.1.2.3.1.2"><p id="obs_03_0136__p15532145310443">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0136__row953216536449"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0136__p1653265344417">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><p id="obs_03_0136__p95328538440"><strong id="obs_03_0136__b17344193373816">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0136__row16532753114417"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0136__p353219537448">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><p id="obs_03_0136__p5532353104418"><strong id="obs_03_0136__b1090113873816">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0136__row115321753164415"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0136__p1553215538449">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><ul id="obs_03_0136__ul136938242519"><li id="obs_03_0136__li969532495111"><strong id="obs_03_0136__b1934204183815">Include</strong></li><li id="obs_03_0136__li55464456211"><strong id="obs_03_0136__b19986319396">Other account</strong>: Enter the account ID. If you want to grant the permissions to all users, enter <strong id="obs_03_0136__b1970148163912">*</strong>.</li></ul>
<div class="note" id="obs_03_0136__note169743620209"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_03_0136__p19869727155311">The account ID and user ID can be obtained on the <strong id="obs_03_0136__b5198195019394">My Credentials</strong> page of the account or user to be authorized. <strong id="obs_03_0136__b620481417612">Account ID</strong> corresponds to <strong id="obs_03_0136__b54734251867">Domain ID</strong> on the <strong id="obs_03_0136__b1295920427618">My Credential</strong> page. If you grant the permission to only an account, you do not need to enter user IDs. If you want to grant the permission to an IAM user, you need to enter the account ID and user ID. You can grant the permission to multiple IAM users. Use commas (,) to separate the user IDs.</p>
</div></div>
</td>
</tr>
<tr id="obs_03_0136__row653285374414"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0136__p753212538444">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><ul id="obs_03_0136__ul964933612542"><li id="obs_03_0136__li564933617545"><strong id="obs_03_0136__b9263916406">Include</strong></li><li id="obs_03_0136__li13501734155919">Leave it blank.</li></ul>
</td>
</tr>
<tr id="obs_03_0136__row18790945165418"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0136__p12791194519544">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><ul id="obs_03_0136__ul815102155519"><li id="obs_03_0136__li161522195512"><strong id="obs_03_0136__b14869544017">Include</strong></li><li id="obs_03_0136__li270053214419">ListBucket</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0136__li10662531123619"><span>Click <strong id="obs_03_0136__b18384141019402">OK</strong>.</span></li><li id="obs_03_0136__li19114192519483"><span>Create another bucket policy and set the parameters according to the following table to grant the authorized account with access permissions to resources in the bucket.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0136__table1411420256485" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for authorizing the permission to access a specified bucket</caption><thead align="left"><tr id="obs_03_0136__row15115925144815"><th align="left" class="cellrowborder" valign="top" width="27.47%" id="mcps1.3.3.2.7.2.1.2.3.1.1"><p id="obs_03_0136__p12115172524813">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="72.53%" id="mcps1.3.3.2.7.2.1.2.3.1.2"><p id="obs_03_0136__p16115132554817">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0136__row811513258484"><td class="cellrowborder" valign="top" width="27.47%" headers="mcps1.3.3.2.7.2.1.2.3.1.1 "><p id="obs_03_0136__p9115142594814">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="72.53%" headers="mcps1.3.3.2.7.2.1.2.3.1.2 "><p id="obs_03_0136__p1611542518488"><strong id="obs_03_0136__b1788651884">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0136__row1711512514810"><td class="cellrowborder" valign="top" width="27.47%" headers="mcps1.3.3.2.7.2.1.2.3.1.1 "><p id="obs_03_0136__p511511252487">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="72.53%" headers="mcps1.3.3.2.7.2.1.2.3.1.2 "><p id="obs_03_0136__p711532510482"><strong id="obs_03_0136__b406465026">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0136__row1115122518484"><td class="cellrowborder" valign="top" width="27.47%" headers="mcps1.3.3.2.7.2.1.2.3.1.1 "><p id="obs_03_0136__p1011552504817"><strong id="obs_03_0136__b7578192115249">Principal</strong></p>
</td>
<td class="cellrowborder" valign="top" width="72.53%" headers="mcps1.3.3.2.7.2.1.2.3.1.2 "><p id="obs_03_0136__p15548111217516">Keep the value consistent with the preceding policy.</p>
</td>
</tr>
<tr id="obs_03_0136__row1811522524818"><td class="cellrowborder" valign="top" width="27.47%" headers="mcps1.3.3.2.7.2.1.2.3.1.1 "><p id="obs_03_0136__p31151725114811"><strong id="obs_03_0136__b9181154132420">Resources</strong></p>
</td>
<td class="cellrowborder" valign="top" width="72.53%" headers="mcps1.3.3.2.7.2.1.2.3.1.2 "><ul id="obs_03_0136__ul71161425124816"><li id="obs_03_0136__li10116172511483"><strong id="obs_03_0136__b21864917">Include</strong></li><li id="obs_03_0136__li17116825174815">Resource name: <strong id="obs_03_0136__b1360682014254">*</strong></li></ul>
</td>
</tr>
<tr id="obs_03_0136__row1111672520488"><td class="cellrowborder" valign="top" width="27.47%" headers="mcps1.3.3.2.7.2.1.2.3.1.1 "><p id="obs_03_0136__p1411622544813"><strong id="obs_03_0136__b13145211172519">Actions</strong></p>
</td>
<td class="cellrowborder" valign="top" width="72.53%" headers="mcps1.3.3.2.7.2.1.2.3.1.2 "><ul id="obs_03_0136__ul16116225174814"><li id="obs_03_0136__li1116182512487"><strong id="obs_03_0136__b443118959">Include</strong></li><li id="obs_03_0136__li13116182554813">GetObject</li><li id="obs_03_0136__li1311616250482">GetObjectVersion</li><li id="obs_03_0136__li911632516486">PutObject</li><li id="obs_03_0136__li1011682554816">DeleteObject</li><li id="obs_03_0136__li181165258489">DeleteObjectVersion</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0136__li1339314712547"><span>Click <strong id="obs_03_0136__b49137262259">OK</strong>.</span></li></ol>
</div>
<div class="section" id="obs_03_0136__section88013218195"><h4 class="sectiontitle">Verification</h4><ol id="obs_03_0136__obs_03_0134_ol156616519218"><li id="obs_03_0136__obs_03_0134_l4b7405eee906443fbf78863c50e610ca"><span>Log in to OBS Browser.</span></li><li id="obs_03_0136__obs_03_0134_lc82457e25c0548d6bbabb6de63eb7732"><span>Click <strong id="obs_03_0136__obs_03_0134_b1674854817265">Add Bucket</strong> on the upper left corner of the page. The <strong id="obs_03_0136__obs_03_0134_b13751144862618">Add Bucket</strong> dialog box is displayed.</span></li><li id="obs_03_0136__obs_03_0134_li7377145292"><span>Select <strong id="obs_03_0136__obs_03_0134_b5912125062619">Add external bucket</strong> and enter the bucket name.</span></li><li id="obs_03_0136__obs_03_0134_la9ceacba80e54f22a68a7e5177d98bdc"><span>Click <strong id="obs_03_0136__obs_03_0134_b18805125942613">OK</strong>. The external bucket is added successfully.</span></li><li id="obs_03_0136__obs_03_0134_li758104014911"><span>Click the newly added external bucket to open the bucket.</span></li><li id="obs_03_0136__obs_03_0134_li66442415105"><span>Click <strong id="obs_03_0136__obs_03_0134_b77747554275">Upload Object</strong>, and objects can be successfully uploaded to the bucket.</span></li><li id="obs_03_0136__obs_03_0134_li8101136191118"><span>Select an object in the bucket and click <strong id="obs_03_0136__obs_03_0134_b69808597288">Delete</strong>. The object can be deleted successfully.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0433.html">External Buckets</a></div>
</div>
</div>
View Git Blame Copy Permalink