
Why Does the Message "Access denied" Still Appear After OBS System Permissions Are Authorized by IAM?

Cause

System permissions preset in IAM, such as OBS ReadOnlyAccess, OBS OperateAccess, and OBS Buckets Viewer, allow only a subset of OBS operations. For example, the OBS OperateAccess permission allows you to list buckets, obtain basic bucket information, obtain bucket metadata, list objects, upload objects, download objects, delete objects, and obtain object ACLs. Performing each operation requires calling an OBS API.

After your account has been authorized with the system permissions, you can call these APIs directly or through SDKs. However, when you log in to OBS Console or use a client tool such as OBS Browser+, more APIs are called to load the bucket list or a bucket's overview page. If your permissions do not cover those APIs, your access is denied, or you are prompted that the operation is not allowed. For example, loading a bucket's overview page calls the APIs that query the configuration statuses of lifecycle rules and CORS rules (see Figure 1), and the preset system permissions do not cover these operations.

Figure 1 Basic bucket configurations

Solutions

The authorized permissions are valid, even though operations on the console or client are restricted. You can still call the APIs directly or through SDKs.

On OBS Console or OBS Browser+ (a client), the OBS OperateAccess permission allows you to upload and download objects.

If you do not want those error messages to appear, you can configure OBS Custom Policies on the IAM console to grant more OBS permissions to a user group, and add the user who requires the permissions to the user group.
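As an added illustration (not part of the original FAQ), a custom policy that grants only the two read-only queries this page names as missing, the lifecycle rule and CORS rule status lookups, could look like the following. The action names and the policy version are assumptions based on OBS action naming; confirm them against the OBS permissions reference before use, and add further read actions only for the console calls that are still denied.

```json
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "obs:bucket:GetLifecycleConfiguration",
                "obs:bucket:GetBucketCORS"
            ]
        }
    ]
}
```

Attaching this policy to the user group alongside OBS OperateAccess keeps the grant to read-only configuration queries, rather than widening the group to full OBS administrator permissions just to silence the console prompts.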