Updated on 2022-05-17 GMT+08:00

Granting an IAM User with the Operation Permissions for a Specified Bucket

Create an IAM user in an account. The IAM user has no permissions on any resource until it is added to a user group. The bucket owner (root account), or other accounts and IAM users that have the permission to set bucket policies, can configure bucket policies to grant bucket operation permissions to IAM users.

The following example shows how to grant an IAM user the permissions to access a bucket and upload objects to it.

Procedure

  1. In the bucket list, click the bucket to be operated. The Overview page of the bucket is displayed.
  2. In the navigation pane on the left, click Permissions to go to the permission management page.
  3. Choose Bucket Policies > Custom Bucket Policies.
  4. Click Create Bucket Policy. The Create Bucket Policy dialog box is displayed.
  5. Set the following parameters to grant the IAM user the permission to access the bucket (listing objects in the bucket).

    Table 1 Parameters for authorizing the permission to access a specified bucket

    | Parameter | Value |
    |---|---|
    | Policy Mode | Customized |
    | Effect | Allow |
    | Principal | Include; Select Current account and select the IAM user to be authorized. |
    | Resources | Include; Leave it blank. |
    | Actions | Include; ListBucket |

  6. Click OK.
  7. Click Create Bucket Policy. The Create Bucket Policy dialog box is displayed.
  8. Set the following parameters to grant the IAM user the permission to upload objects to the bucket.

    Before granting the IAM user the permission to operate objects, ensure that the user has the permission to access the bucket.

    Table 2 Parameters for authorizing the permission to upload objects

    | Parameter | Value |
    |---|---|
    | Policy Mode | Customized |
    | Effect | Allow |
    | Principal | Include; Select Current account and select the IAM user to be authorized. |
    | Resources | Include; Resource name: * |
    | Actions | Include; PutObject |

    NOTE:

    In this example, only the permission to upload objects is granted. You can select multiple actions to grant other operation permissions to the IAM user. The asterisk (*) indicates all operations.

    For details about the supported actions, see Actions.

  9. Click OK.
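
A review check for the two statements this procedure creates, as an added example that is not part of the original guide or of OBS: it flags a wildcard action, a resource setting that differs from Tables 1 and 2, and an object permission granted without bucket access. The dictionary layout, the `review` function and the user names are assumptions made for illustration; statements are modelled with the console's field names, not the OBS policy document format.

```python
# Added example. Statements use the console's field names from Tables 1 and 2;
# this is a constructed representation, not the OBS policy document format.
BUCKET_ACTIONS = {"ListBucket"}  # apply to the bucket: Resources left blank
OBJECT_ACTIONS = {"PutObject"}   # apply to objects: Resources names objects

def review(statements, intended=frozenset({"ListBucket", "PutObject"})):
    """Return findings for a list of statements (empty list = as intended)."""
    findings, can_access, object_users = [], set(), set()
    for n, s in enumerate(statements, 1):
        if s["Effect"] != "Allow":
            continue
        actions, resources = set(s["Actions"]), s["Resources"]
        if "*" in actions:
            findings.append(f"statement {n}: Actions '*' grants all operations")
        extra = actions - intended - {"*"}
        if extra:
            findings.append(f"statement {n}: unintended actions {sorted(extra)}")
        if actions & BUCKET_ACTIONS and resources:
            findings.append(f"statement {n}: bucket action with a resource name")
        if actions & OBJECT_ACTIONS and not resources:
            findings.append(f"statement {n}: object action without a resource name")
        for user in s["Principal"]:
            if actions & BUCKET_ACTIONS and not resources:
                can_access.add(user)
            if actions & OBJECT_ACTIONS:
                object_users.add(user)
    for user in sorted(object_users - can_access):
        findings.append(f"{user}: object permission without bucket access")
    return findings

# Constructed sample: the two statements created in steps 5 and 8.
USER = "example-iam-user"  # placeholder name
AS_DOCUMENTED = [
    {"Effect": "Allow", "Principal": [USER], "Resources": [], "Actions": ["ListBucket"]},
    {"Effect": "Allow", "Principal": [USER], "Resources": ["*"], "Actions": ["PutObject"]},
]
# Constructed sample: a wildcard action, and a second user with upload only.
DRIFTED = [
    {"Effect": "Allow", "Principal": [USER], "Resources": ["*"], "Actions": ["*"]},
    {"Effect": "Allow", "Principal": ["example-iam-user-2"], "Resources": ["*"],
     "Actions": ["PutObject"]},
]

if __name__ == "__main__":
    for name, policy in (("as documented", AS_DOCUMENTED), ("drifted", DRIFTED)):
        print(name, "->", review(policy) or "no findings")
```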