Help Center/ Object Storage Migration Service/ FAQs/ Product Consulting/ How Do I Obtain Required Permissions for the Source and Destination Platform Accounts?

Updated on 2025-12-08 GMT+08:00

View PDF

How Do I Obtain Required Permissions for the Source and Destination Platform Accounts?

Source Permissions

The following uses an OBS bucket on Huawei Cloud as the source bucket. If your source bucket is on another cloud platform, contact engineers of the cloud platform.

The source platform account needs the permissions for:

Listing all buckets
Obtaining bucket locations
Listing objects
Obtaining object metadata
Obtaining object content

You can use either of the following methods to obtain required permissions for the source platform account:

Use system-defined roles OBS Administrator and KMS Administrator. For details, see Creating a User Group and Assigning Permissions.

Create a custom policy that defines the permissions to list all buckets, obtain bucket location, list objects, obtain object metadata, and obtain object content.

Log in to the IAM console.
In the navigation pane on the left, choose Permissions > Policies/Roles.
Click Create Custom Policy in the upper right corner.
Enter a policy name and select JSON for Policy View.

Copy the following content to the box next to Policy Content and click OK.

Click to enlarge

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "obs:bucket:ListAllMyBuckets",
                "obs:bucket:GetBucketLocation",
                "obs:bucket:ListBucket",
                "obs:object:GetObject"
            ],
            "Resource": [
                "obs:*:*:bucket:*",
                "obs:*:*:object:*"
            ],
            "Effect": "Allow"
        }
    ]
}

After the custom policy is created, perform the following operations to obtain the permissions defined by the custom policy:

If you have joined a user group, assign the custom policy to the user group, and you will obtain the permissions defined by the custom policy. For details, see Assigning Permissions to a User Group.
If you have not joined a user group, perform the following steps:
1. Create a user group and assign the custom policy to it. For details, see Creating a User Group and Assigning Permissions.
2. Add yourself to the user group. You will have the permissions of the user group. For details, see Adding Users to a User Group.

You must be able to access Huawei Cloud through both the programmatic and management console access methods.
It takes 15 to 30 minutes for the authorization to take effect.

Destination Permissions

The destination platform account needs the permissions for:

Listing objects in a bucket
Obtaining bucket locations
Listing buckets
Obtaining object metadata
Modifying object metadata
Obtaining object content
Uploading an object

Listing multipart uploads
Restoring archived objects

You can use either of the following methods to obtain required permissions for the destination platform account:

Use system-defined roles OBS Administrator and KMS Administrator. For details, see Creating a User Group and Assigning Permissions.

Create a custom policy.

Log in to the IAM console.
In the navigation pane on the left, choose Permissions > Policies/Roles.
Click Create Custom Policy in the upper right corner.
Enter a policy name and select JSON for Policy View.

Copy the following content to the box next to Policy Content and click OK.

{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "obs:bucket:GetBucketLocation",
                "obs:bucket:ListBucketMultipartUploads",
                "obs:object:RestoreObject",
                "obs:object:GetObject",
                "obs:object:ModifyObjectMetaData",
                "obs:bucket:ListBucket",
                "obs:object:PutObject"
            ],
            "Resource": [
                "OBS:*:*:bucket:*",
                "OBS:*:*:object:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "obs:bucket:ListAllMyBuckets"
            ]
        }
    ]
}

After the custom policy is created, perform the following operations to obtain the permissions defined by the custom policy:

If you have joined a user group, assign the custom policy to the user group, and you will obtain the permissions defined by the custom policy. For details, see Assigning Permissions to a User Group.
If you have not joined a user group, perform the following steps:
1. Create a user group and assign the custom policy to it. For details, see Creating a User Group and Assigning Permissions.
2. Add yourself to the user group. You will have the permissions of the user group. For details, see Adding Users to a User Group.

You must be able to access Huawei Cloud through both the programmatic and management console access methods.
It takes 15 to 30 minutes for the authorization to take effect.

Parent topic: Product Consulting

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel