Resource Preparation

Before using obsfs, you need to prepare the resources listed in Table 1.

**Table 1** Resource preparation
Resource	Description	Operation Guide
IAM user	To ensure account and resource security, it is safer to create an IAM user and assign permissions to that user specifically for accessing OBS resources. Then use the IAM account to access obsfs. NOTE: The IAM user who uses obsfs to mount and access a parallel file system must have the same access permissions for OBS buckets. After an OBS role or policy is granted to an IAM user, the role or policy will apply to both OBS buckets and parallel file systems.	Creating an IAM User
Access keys (AK and SK)	Access keys (AK and SK) are used as credentials for your account and for IAM users. obsfs accesses OBS using access keys that are used to encrypt the signature of a request, ensuring the security and integrity of the request and that identities of the request sender and receiver are correct.	Creating Access Keys (AK and SK)
Parallel file system	A parallel file system is a container for storing data.	Creating a Parallel File System

Creating an IAM User

To ensure account and resource security, it is safer to create an IAM user and assign permissions to that user specifically for accessing OBS resources. Then use the IAM account to access obsfs.

Log in to the management console using a cloud service account.
On the top navigation bar, choose Service List > Management & Deployment > Identity and Access Management. The IAM console is displayed.
Create a user group and grant the OBS permissions to the user group.
User groups facilitate centralized user management and streamlined permission management. Users in the same user group have the same permissions. Users created in IAM inherit permissions from the groups to which they belong.
1. In the navigation pane on the left, click User Groups. The User Groups page is displayed.
2. Click Create User Group.
3. On the Create User Group page, enter a name for the user group and click OK.
  The user group is then displayed in the user group list.
4. Click Assign Permissions in the Operation column of the row where the created user group resides.
5. In the Group Permissions area, locate the row that displays Global service > OBS, click Attach Policy in the Operation column, select the policy name, and click OK.
  
  In the Policy Information area, you can view the details about the policy.
  
  Due to data caching, an RBAC policy and fine-grained policy involving OBS actions will take effect 10 to 15 minutes after it is attached to a user, a user group, or an enterprise project.

Create a user.

In the navigation pane on the left, click Users. The Users page is displayed.
Click Create User.

Set the user information and click Next.

**Table 2** User parameters
Parameter	Description
Username	The user name for logging in to the cloud service.
Credential Type	A credential refers to the identity credential used for user system authentication. In this example, password is selected. Password: Used for accessing cloud services using the console or development tools. Access key: Used for logging in to the cloud service using development tools. This credential type is more secure, and is recommended if the user does not need to use the console.
User Groups	The user will inherit the permissions granted to the user group. The default user group is admin, which has the administrator permissions and all of the permissions required to use all cloud resources.
Description	(Optional) brief description of the user

Select a type for password generation, set the email address and mobile number, and click OK.

Use the created IAM user to log in to OBS Console and verify the user permissions.

Creating Access Keys (AK and SK)

Access keys (AK and SK) are used as credentials for your account and for IAM users. obsfs accesses OBS using access keys that are used to encrypt the signature of a request, ensuring the security and integrity of the request and that identities of the request sender and receiver are correct. For details about how to create access keys, see Access Keys (AK/SK). If you already have them, skip this part.

Each account or IAM user can create a maximum of two valid access keys.