Help Center> Object Storage Service> obsbrowser (abandoned)> External Buckets> Application Example 3: Authorizing Access Permissions Required for Adding an External Bucket Through the Custom Bucket Policy
Updated on 2023-06-12 GMT+08:00

Application Example 3: Authorizing Access Permissions Required for Adding an External Bucket Through the Custom Bucket Policy

A custom bucket policy can be used to grant the read and write access permissions to the bucket to be added.

If a custom bucket policy is used to authorize such permissions, the HeadBucket, ListBucket, GetObject, and GetObjectVersion actions must be allowed. More actions can be allowed according to your actual needs.

Procedure

  1. Log in to OBS Console.
  2. In the bucket list, click the bucket name you want. The Objects page is displayed.
  3. In the navigation pane on the left, click Permissions to go to the permission management page.
  4. In the Custom Bucket Policies area, click Create Bucket Policy. The Create Bucket Policy dialog box is displayed.
  5. Set the following parameters to authorize another account with the permission to access the bucket:

    Table 1 Parameters for authorizing the permission to access a specified bucket

    Parameter

    Value

    Policy Mode

    Customized

    Effect

    Allow

    Principal

    • Include
    • Other account: Enter the account ID. If you want to authorize the permissions all users, enter *.
    NOTE:

    The account ID and user ID can be obtained on the My Credentials page of the account or user to be authorized. If you authorize the permission to only an account, you do not need to enter user IDs. If you want to authorize the permission to an IAM user, you need to enter the account ID and user ID. You can authorize the permission to multiple IAM users. Use commas (,) to separate the user IDs.

    Resources

    • Include
    • Leave it blank.

    Actions

    • Include
    • HeadBucket
    • ListBucket

  6. Click OK.
  7. Create another bucket policy and set the parameters according to the following table to grant the authorized account with access permissions to resources in the bucket.

    Table 2 Parameters for authorizing the permission to access a specified bucket

    Parameter

    Value

    Policy Mode

    Customized

    Effect

    Allow

    Principal

    Keep the value consistent with the preceding policy.

    Resources

    • Include
    • Resource name: *

    Actions

    • Include
    • GetObject
    • GetObjectVersion
    • PutObject
    • DeleteObject
    • DeleteObjectVersion

  8. Click OK.

Verification

  1. Log in to OBS Browser.
  2. Click Add Bucket on the upper left corner of the page. The Add Bucket dialog box is displayed.
  3. Select Add external bucket and enter the bucket name.
  4. Click OK. The external bucket is added successfully.
  5. Click the newly added external bucket to open the bucket.
  6. Click Upload Object, and objects can be successfully uploaded to the bucket.
  7. Select an object in the bucket and click Delete. The object can be deleted successfully.