Permission Configurations
Application scenarios and main functions of permission configurations for parallel file systems are the same as those for object storage. For more information, see OBS Permission Control.
Main Permission Configuration Differences
To exactly match a specific directory, the resource path in the policy must end with a slash (/). When checking permissions, parallel file systems treat objects as directories. If the object identifier does not end with a slash (/), the system appends a slash (/) to the object identifier and then performs policy matching.
IAM Permission Examples
Example 1: Grant a user the permissions required to download dir_1, excluding its subdirectories.
The policy is configured as follows. The resource path ends with a slash (/). In this case, a success response is returned when dir_1 or dir_1/ is contained in the URL of a head request.
Note: This policy is not applied to subdirectories or files in dir_1. Therefore, a failure response will be returned if a head request is sent to dir_1/file1.
{
  "Version": "1.1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "obs:object:GetObject"
      ],
      "Resource": [
        "obs:*:*:object:examplebucket/dir_1/"
      ]
    }
  ]
}
Example 2: Grant a user the permissions required to download dir_1 and its subdirectories.
The policy is configured as follows. The resource path uses prefix match and ends with a wildcard (*). In this case, a success response is returned when a head request is sent to dir_1/file1.
{
  "Version": "1.1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "obs:object:GetObject"
      ],
      "Resource": [
        "obs:*:*:object:examplebucket/dir_1/*"
      ]
    }
  ]
}
Bucket Policy Examples
Example 1: Grant a user the permissions required to download dir_1, excluding its subdirectories.
The policy is configured as follows. The resource path ends with a slash (/). In this case, a success response is returned when dir_1 or dir_1/ is contained in the URL of a head request. Note that the Action value "*" in this policy allows all actions on the resource, not only downloads.
{
  "Statement": [
    {
      "Sid": "test",
      "Effect": "Allow",
      "Principal": {
        "ID": ["domain/b4bf1b36d9ca43d984fbcb9491b6fce9:user/71f3901173514e6988115ea2c26d1999"]
      },
      "Action": ["*"],
      "Resource": [
        "examplebucket/dir_1/"
      ]
    }
  ]
}
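The matching rule described under Main Permission Configuration Differences can be modeled offline to review which requests a resource path would cover before a policy is deployed. The following is an added example, not OBS code: the function names are hypothetical, only the `*` wildcard is modeled, and object keys are assumed to contain no colon.

```python
import re
from typing import Optional

def resource_path(resource: str) -> str:
    """Drop the IAM prefix ("obs:*:*:object:") if present; bucket policy paths pass through."""
    return resource.rsplit(":", 1)[-1]

def normalize(bucket: str, key: str) -> str:
    """Model of the page's rule: objects are treated as directories, so a missing '/' is appended."""
    path = f"{bucket}/{key}"
    return path if path.endswith("/") else path + "/"

def matches(resource: str, bucket: str, key: str) -> bool:
    """True if the resource pattern covers the normalized object identifier."""
    pattern = ".*".join(re.escape(part) for part in resource_path(resource).split("*"))
    return re.fullmatch(pattern, normalize(bucket, key)) is not None

def lint(resource: str) -> Optional[str]:
    """Flag paths that, under this model, can never match a slash-terminated identifier."""
    path = resource_path(resource)
    if not path.endswith(("/", "*")):
        return f"{path!r} ends with neither '/' nor '*' and will not match any directory"
    return None

# Resource strings taken from the policies on this page.
EXACT = "obs:*:*:object:examplebucket/dir_1/"
PREFIX = "obs:*:*:object:examplebucket/dir_1/*"
BUCKET_POLICY = "examplebucket/dir_1/"
# Constructed variant: wildcard without the slash, which also covers sibling directories.
LOOSE = "examplebucket/dir_1*"

def decision_table() -> dict:
    """Evaluate each resource against constructed sample keys in examplebucket."""
    keys = ["dir_1", "dir_1/", "dir_1/file1", "dir_10/file1"]
    resources = (EXACT, PREFIX, BUCKET_POLICY, LOOSE)
    return {(r, k): matches(r, "examplebucket", k) for r in resources for k in keys}

if __name__ == "__main__":
    for (resource, key), allowed in decision_table().items():
        print(f"{resource_path(resource):26} {key:14} {'match' if allowed else 'no match'}")
    print(lint("obs:*:*:object:examplebucket/dir_1"))
```

In this model, `examplebucket/dir_1/*` does not cover `dir_10/file1`, while the constructed `examplebucket/dir_1*` does, which is why the slash before the wildcard matters when scoping access to one directory.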