Overview

If you have ACL permissions on buckets of other users, you can add them through OBS Browser+ as external buckets. By doing so, you can access these external buckets locally using your account.

By default, after user A has added a bucket of user B and uploaded an object to the bucket, user B cannot download the object.

You can grant read and write permissions to a bucket through the bucket ACL or bucket policy. Permissions controlled by a bucket ACL are as follows:

Permissions controlled by a standard bucket policy are as follows:

If a custom bucket policy is used to authorize such permissions, the HeadBucket, ListBucket, GetObject, and GetObjectVersion actions must be allowed. More actions can be allowed according to your actual needs.

The following are some restrictions when you (the user who adds the bucket) operate the external bucket:

• You cannot restore Archive objects that are not yours in the external bucket. You can view the object restore status only when the owner of those Archive objects grants you the read permission for the objects.
• You can perform only authorized actions on existing objects in the external bucket. If you want to perform additional operations on an object, you need to get corresponding permissions granted by the object owner.
• If you upload an object to the external bucket, the object ACL permissions will be automatically granted to the bucket owner, including the read permission for the object and the read and write permissions for the object ACL.
• The encrypted objects you uploaded to the external bucket cannot be accessed by the bucket owner, because the bucket owner does not have the key.
• To download an object from the external bucket, you must have the read permission for the object. You cannot download encrypted objects from the external bucket.