Why Does Message "Access denied" Appear After I Was Granted the Read and Write Permissions for a Bucket?
Cause
If you use a bucket policy to grant the IAM user the bucket read and write permissions, the IAM user has the permissions to call the following APIs:
- GetObject: downloading objects
- GetObjectVersion: downloading objects and their versions
- PutObject: uploading objects
- DeleteObject: deleting objects
- DeleteObjectVersion: deleting objects and their versions
Each API requires an operation permission. IAM users can call these APIs directly or through SDKs. However, when you log in to OBS Console or using a client tool such as OBS Browser+, more APIs (such as ListAllMyBuckets and ListBucket) are called to load the bucket list and object list. If your permissions do not cover those APIs, your access is denied, or you are informed that the operation is not allowed.
Solutions
Authorized permissions are valid, though operations on the console or client are restricted. You can call the APIs directly or through SDKs.
If you want to access OBS through OBS Console or OBS Browser+ (a client), you can configure OBS custom policies on the IAM console to grant more OBS permissions to a user group, and add the user who requires the permissions to this group.
Access Control FAQs
- How Can I Control Access to OBS?
- What Are the Differences Between Using an IAM Permission and a Bucket Policy in Access Control?
- What Is the Relationship Between a Bucket Policy and an Object Policy?
- Why Is the Message "Access denied" Still Appearing After OBS System Permissions Were Assigned by IAM?
- Why Does Message "Access denied" Appear After I Was Granted the Read and Write Permissions for a Bucket?
- Why Can't I Access OBS (403 AccessDenied) After Being Granted with the OBS Access Permission?
- How Do I Control Access to Folders in an OBS Bucket?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore