Help Center/ Object Storage Service/ Permissions Configuration Guide/ Typical Permission Control Scenarios
Updated on 2024-02-26 GMT+08:00

Typical Permission Control Scenarios

The following typical scenarios are provided to help you better configure OBS permission control.

Factors to consider before configuring permission control:

  1. Who are granted: Grantees can be a single IAM user, multiple IAM users or user groups, other accounts, and anonymous users.
  2. What resources will be accessed: Such resources can be all OBS resources (requiring service-level permissions), specified buckets, and specified objects.
  3. What permissions are granted: In addition to configure basic permissions, such as read and read/write permissions, you can also customize permissions based on your needs.

OBS provides various permission control mechanisms for different scenarios. The following figure can help you quickly find the best method that matches your requirements.

Figure 1 Typical permission scenarios

The following table lists the permission control cases in typical scenarios for your reference.

Table 1 Configuration cases in typical scenarios

Scenario

Configuration Case

Granting permissions to an IAM user under the current account

Granting an IAM User the Permissions Required to List and Create Buckets

Granting an IAM User the Read/Write Permission for a Bucket

Granting an IAM User the Specified Permissions for a Bucket

Granting an IAM User the Read Permission for Specific Objects

Granting an IAM User the Specified Permissions for Certain Objects

Granting permissions to multiple IAM users or user groups under the current account

Granting IAM User Groups All Permissions for All OBS Resources

Granting IAM User Groups Basic Permissions for All OBS Resources

Granting IAM User Groups the Specified Permissions for All OBS Resources

Granting IAM User Groups the Specified Permissions for Certain OBS Resources

Granting permissions to other accounts

Granting Other Accounts the Read/Write Permission for a Bucket

Granting Other Accounts the Specified Permissions for a Bucket

Granting IAM Users Under an Account the Access to a Bucket and the Resources in It

Granting Other Accounts the Read Permission for Certain Objects

Granting Other Accounts the Specified Permissions for Certain Objects

Granting permissions to anonymous users

Granting Anonymous Users the Public Read Permission for a Bucket

Granting Anonymous Users the Read Permission for a Directory

Granting Anonymous Users the Read Permission for Certain Objects

Temporarily Sharing Objects with Anonymous Users

Granting temporary permissions

Granting Temporary Access to OBS

Restricting access to specified IP addresses

Restricting Access to a Bucket for Specific IP Addresses