Help Center> Object Storage Service> Permissions Configuration Guide> Configuration Cases in Typical Permission Control Scenarios> Granting Permissions to Anonymous Users> Granting Anonymous Users the Read Permission for a Directory
Updated on 2024-05-31 GMT+08:00
View PDF

Granting Anonymous Users the Read Permission for a Directory

Scenario

If all objects in a folder need to be accessible to anonymous users, you can configure a bucket policy to grant anonymous users the permission to access the folder.

Configuration Precautions

In this case, the preset template Directory read-only allows specified IAM users to perform the following actions on specified objects in a bucket:

  • ListBucket (to list objects in the bucket and obtain the bucket metadata)
  • HeadBucket (to check whether the bucket exists)
  • GetBucketLocation (to get the bucket location)
  • ListBucketVersions (to list object versions in the bucket)
  • GetObject (to obtain object content and metadata)
  • RestoreObject (to restore objects from Archive storage)
  • GetObjectAcl (to obtain the object ACL)
  • GetObjectVersion (to obtain the content and metadata of a specified object version)
  • GetObjectVersionAcl (to obtain the ACL of a specified object version)

Some bucket-related permissions (HeadBucket and GetBucketLocation) are needed in this configuration. Take care when granting such permissions.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket name you want to go to the Objects page.
  3. In the navigation pane, choose Permissions > Bucket Policy.
  4. On the Bucket Policies page, click Create.
  5. Locate the row containing Directory read-only and click Use Policy Template.
  6. Configure parameters for a bucket policy.

    Figure 1 Configuring bucket policy parameters
    Table 1 Parameter description

    Parameter

    Description

    Policy View

    Set this parameter based on your own habits. Visual editor is used here.

    Policy Name

    Enter a policy name.

    Policy Content
    • Select Allow.
    • Parameters under Principal:
      • Principal: Select Anonymous user.
      • User Policy: Select Include specified users.
    • Parameters under Resources:
      • Resource: Select both Current bucket and Object in bucket.
      • Object in bucket: Select Specified objects.

        Set this parameter to all objects in the selected folder. If the folder name is folder-001, enter the value folder-001/*.

  7. After configuring the required parameters, click Next.
  8. Ensure all the configurations are correct and click Create.

Verification

After the permission is set, click an object in the folder. Its URL is displayed under Link. Share the URL over the Internet, so that all users can access or download the object through the Internet.