Configuring Access Permissions of OBS

Enabling Authorization for OCR

To use data in OBS, you need to enable OBS authorization. Go to the OCR console. Enable OBS Authorization. After the authorization is enabled, you can use the authorized URL to access the service.

Figure 1 OBS authorization

OBS must reside in the same region as OCR.

For details about the constraints on using OBS features, see Restrictions and Limitations.

(Optional) Enabling Public Read Authorization

To do so, configure the bucket policy to Public Read. For details, see Configuring a Standard Bucket Policy in Object Storage Service Console Operation Guide. This method is not recommended for private data.

Using Temporarily Authorized Requests for Authentication

Public read authorization is easy to use. However, when it is enabled, sensitive information, such as private data, may be disclosed. In this scenario, the temporary authorization function provided by OBS comes in handy.

OBS allows users to construct a specific URL for objects in OBS. The URL contains authentication information. Any user can use the URL to access the specified object in OBS, but the URL is valid only before the expiry time specified in Expires. After a user issues temporary authorization, other users can perform operations without requiring the user's access key.

For details about how to use the OBS temporary authorization function, see section "Authorized Access" in the Object Storage Service SDK Reference. Download the related SDK and sample code, and compile code to obtain the related URL.