Help Center/ Object Storage Migration Service/ FAQs/ Product Consulting/ How Do I Obtain Required Permissions for the Source and Destination Platform Accounts?
Updated on 2024-02-04 GMT+08:00

How Do I Obtain Required Permissions for the Source and Destination Platform Accounts?

Source Permissions

The following uses an OBS bucket on Huawei Cloud as the source bucket. If your source bucket is on another cloud platform, contact engineers of the cloud platform.

The source platform account needs the permissions for:
  • Listing all buckets
  • Obtaining bucket locations
  • Listing objects
  • Obtaining object metadata
  • Obtaining object content

You can use either of the following methods to obtain required permissions for the source platform account:

  • Use system-defined policy OBS Administrator. For details, see Creating a User Group and Assigning Permissions.
  • Create a custom policy that defines the permissions to list all buckets, obtain bucket location, list objects, obtain object metadata, and obtain object content.
    1. Log in to Huawei Cloud and click Console in the upper right corner.
    2. On the management console, hover the mouse pointer over the username in the upper right corner, and choose Identity and Access Management from the drop-down list.
    3. In the navigation pane on the left, choose Permissions > Policies/Roles.
    4. Click Create Custom Policy in the upper right corner.

    5. Specify a policy name, and set Scope to Global services and Policy View to JSON.
    6. Copy the following content to the box next to Policy Content and click OK.

      {
          "Version": "1.1",
          "Statement": [
              {
                  "Action": [
                      "obs:bucket:ListAllMyBuckets",
                      "obs:bucket:GetBucketLocation",
                      "obs:bucket:ListBucket",
                      "obs:object:GetObject"
                  ],
                  "Resource": [
                      "obs:*:*:bucket:*",
                      "obs:*:*:object:*"
                  ],
                  "Effect": "Allow"
              }
          ]
      }

After the custom policy is created, perform the following operations to obtain the permissions defined by the custom policy:

  • You must be able to access Huawei Cloud through both the programmatic and management console access methods.
  • It takes 15 to 30 minutes for the authorization to take effect.

Destination Permissions

The destination platform account needs the permissions for:
  • Listing objects in a bucket
  • Obtaining bucket locations
  • Listing buckets
  • Obtaining object metadata
  • Modifying object metadata
  • Obtaining object content
  • Uploading an object
  • Listing multipart uploads
  • Restoring archive objects
You can use either of the following methods to obtain required permissions for the destination platform account:
  • Use system-defined policy OBS Administrator. For details, see Creating a User Group and Assigning Permissions.
  • Create a custom policy.
    1. Log in to Huawei Cloud and click Console in the upper right corner.
    2. On the management console, hover the mouse pointer over the username in the upper right corner, and choose Identity and Access Management from the drop-down list.
    3. In the navigation pane on the left, choose Permissions > Policies/Roles.
    4. Click Create Custom Policy in the upper right corner.

    5. Specify a policy name, and set Scope to Global services and Policy View to JSON.
    6. Copy the following content to the box next to Policy Content and click OK.
      {
          "Version": "1.1",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "obs:bucket:GetBucketLocation",
                      "obs:bucket:ListBucketMultipartUploads",
                      "obs:object:RestoreObject",
                      "obs:object:GetObject",
                      "obs:object:ModifyObjectMetaData",
                      "obs:bucket:ListBucket",
                      "obs:object:PutObject"
                  ],
                  "Resource": [
                      "OBS:*:*:bucket:*",
                      "OBS:*:*:object:*"
                  ]
              },
              {
                  "Effect": "Allow",
                  "Action": [
                      "obs:bucket:ListAllMyBuckets"
                  ]
              }
          ]
      }

After the custom policy is created, perform the following operations to obtain the permissions defined by the custom policy:

  • You must be able to access Huawei Cloud through both the programmatic and management console access methods.
  • It takes 15 to 30 minutes for the authorization to take effect.