Creating a User and Granting OBS Permissions
This chapter describes how to use IAM to implement fine-grained permissions control for your OBS resources. With IAM, you can:
- Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to OBS resources.
- Grant only the permissions required for users to perform a task.
- Entrust a HUAWEI CLOUD account or cloud service to perform efficient O&M on your OBS resources.
If your HUAWEI CLOUD account does not require individual IAM users, skip this chapter.
This section describes the procedure for granting permissions (see Figure 1).
Prerequisites
Learn about the permissions (see Permissions Management) supported by OBS and choose policies or roles according to your requirements. For the system-defined policies of other services, see System Permissions.
Process
- Create a user group and assign permissions to it.
Create a user group on the IAM console, and attach the OBS ReadOnlyAccess policy to the group.
- Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify permissions.
Log in to the OBS console by using the newly created user, and verify that the user only has the permissions for OBS.
- Choose Object Storage Service from the service list. The home page of OBS Console is displayed. If the list of buckets is displayed and you can view objects in any bucket but cannot upload objects, download objects, or perform other operations on objects, the OBS ReadOnlyAccess policy has already taken effect.
- In the navigation pane on the left, choose CDN. If a message is displayed indicating insufficient permissions to perform the operation, the OBS ReadOnlyAccess policy has already taken effect.
Last Article: Configuring IAM Permissions
Next Article: OBS Custom Policies
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.