Help Center> Object Storage Service> FAQs> Security> Why an Authorized Account or User Cannot Upload or Download KMS Encrypted Objects?

View PDF

Why an Authorized Account or User Cannot Upload or Download KMS Encrypted Objects?

Before using the server-side encryption function of OBS, ensure that the KMS Administrator permission has been granted to the account or user on IAM. If the current account or user is the grantee, it also requires the KMS Administrator permission. Contact your entrusting party for authorization. For details, see Account Delegation.

Note: Data Encryption Workshop (DEW), to which KMS is a sub-service, is not available globally. Therefore, the KMS Administrator permission must be configured in the region where the bucket resides. The agency information is stored on IAM. The configuration takes effect approximately 15 minutes after the configuration is complete.

Parent topic: Security

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English

Help Center

Why an Authorized Account or User Cannot Upload or Download KMS Encrypted Objects?