Help Center/ Optical Character Recognition/ API Reference/ Appendix/ Configuring Access Permissions of OBS
Updated on 2023-12-18 GMT+08:00

Configuring Access Permissions of OBS

Multimedia files such as images and audio files in the Enterprise Intelligence (EI) services can be directly processed by OBS. This reduces service usage costs, shortens service response time, and improves service experience.

To ensure data security, a service can used authorized URLs (https://<bucket-name>.<endpoint>/<object-name>) to access files stored on OBS after it is granted with the required permission. Unauthorized services cannot obtain user data. To obtain the user data in this case, enable public read authorization or provide a URL that has been temporarily authorized.

Enabling Authorization for OCR

To use data in OBS, you need to enable OBS authorization. Go to the OCR console. Enable OBS Authorization. After the authorization is enabled, you can use the authorized URL to access the service.

Figure 1 OBS authorization

OBS must reside in the same region as OCR.

For details about the constraints on using OBS features, see Restrictions and Limitations.

(Optional) Enabling Public Read Authorization

To do so, configure the bucket policy to Public Read. For details, see Configuring a Standard Bucket Policy in Object Storage Service Console Operation Guide. This method is not recommended for private data.

Using Temporarily Authorized Requests for Authentication

Public read authorization is easy to use. However, when it is enabled, sensitive information, such as private data, may be disclosed. In this scenario, the temporary authorization function provided by OBS comes in handy.

OBS allows users to construct a specific URL for objects in OBS. The URL contains authentication information. Any user can use the URL to access the specified object in OBS, but the URL is valid only before the expiry time specified in Expires. After a user issues temporary authorization, other users can perform operations without requiring the user's access key.

For details about how to use the OBS temporary authorization function, see section "Authorized Access" in the Object Storage Service SDK Reference. Download the related SDK and sample code, and compile code to obtain the related URL.