Configuring Access Permissions of OBS
Multimedia files such as images and audio files in the Enterprise Intelligence (EI) services can be directly processed by OBS. This reduces service usage costs, shortens service response time, and improves service experience.
To ensure data security, a service can used authorized URLs (https://<bucket-name>.<endpoint>/<object-name>) to access files stored on OBS after it is granted with the permission. If not permitted, services cannot directly obtain user data. To obtain the user data, public read authorization must be enabled or a temporarily authorized URL must be provided.
Service Authorization
To use data in OBS, you need to enable OBS authorization. Log in to the Content Moderation management console and click Service Management. Enable OBS Authorization. After the authorization is enabled, you can use the authorized URL to access the service.
The region of OBS must be consistent with that of Image Recognition.
Enabling Public Read Authorization
For details about how to enable public read authorization, see Permission Control in the Object Storage Service Console Operation Guide. Then, you can access the data on OBS using the URL after the corresponding files are uploaded to OBS. The URL can also serve as EI services' API request parameter for using related service APIs.
Using Temporary Request Authentication
Public read authorization is easy to use. However, when it is enabled, sensitive information, such as private data, may be disclosed. In this scenario, the temporary authorization function provided by OBS can be used.
OBS allows users to construct a specific URL for objects in OBS. The URL contains authentication information. Any user can use the URL to access the specified object in OBS, but the URL is valid only before the expiry time specified by Expires. After a user issues temporary authorization, other users can perform desired operations without knowing the user's secret access key.
For details about how to use the OBS temporary authorization function, see section "Authorized Access" in the Object Storage Service SDK Reference. Download the related SDK and sample code, and compile code to obtain the related URL.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot