What Should I Do If I Fail to Transfer Data to an OBS Bucket Authorized by a Key of Another Tenant?

Background

Tenant A uses the key authorization mechanism of Data Encryption Workshop (DEW) to share a DEW key with user B of another tenant by user ID. User B has created an OBS bucket encrypted using the DEW key of tenant A. However, user B fails to configure the CTS system tracker to transfer data to this bucket.

Procedure

1. Log in to the management console of user B.
2. Click in the upper left corner and choose Management & Governance > Identity and Access Management.
3. In the left navigation pane, choose Agencies. On the displayed page, enter cts_admin_trust in the search box to obtain the agency ID.

   

4. Log in to the management console of tenant A.
5. Click in the upper left corner and choose Security & Compliance > Data Encryption Workshop.
6. On the Key Management Service page, click the name of the target key.
7. Click the Grants tab and click Create Grant. In the user ID text box, enter the agency ID of cts_admin_trust obtained in Step 3.

   

8. Log in to the management console of user B.
9. Click in the upper left corner and choose Management & Governance > Cloud Trace Service.
10. Go to the tracker transfer configuration page and select the OBS bucket encrypted with the DEW shared key.