Updated on 2024-04-01 GMT+08:00

Creating an IAM User and Granting OBS Permissions

You can use IAM for fine-grained access control over your OBS resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing OBS resources.
  • Manage permissions according to the principle of least privilege (PoLP).
  • Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your OBS resources.

If your Huawei Cloud account does not require individual IAM users, skip this chapter.

Figure 1 shows the procedure for granting permissions.

Prerequisites

You have learned about the OBS permissions that can be assigned to a user group.

Process

Figure 1 Process of granting an IAM user the OBS permissions

The following example describes how to grant an IAM user the Tenant Guest permission for OBS.

  1. Create a user group and assign permissions.

    Create a user group on the IAM console, and assign the group the Tenant Guest permission.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in step 1.

  3. Log in and verify the permission granting.

    Log in to OBS Console using the newly created user, and verify that the assigned permission has taken effect:

    • Choose Object Storage Service from the service list to go to the OBS homepage. If the list of buckets is displayed and you can view the basic information about any bucket, but you cannot create or delete buckets or perform any other operations, the granted Tenant Guest permission has already taken effect.
    • Go to an OBS bucket. If the list of objects is displayed and you can download objects, but you cannot upload or delete objects or perform any other operations, the granted Tenant Guest permission has already taken effect.
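
The checks in step 3 can be recorded as an expected allow/deny matrix and compared against what the new user can actually do, so that extra access is flagged as well as missing access. The following is an added example, not part of the original documentation or of any Huawei Cloud tool. The operation names are labels chosen for this example, and it assumes each test is recorded as an HTTP status, with 2xx meaning allowed and 403 meaning denied.

```python
"""Compare step 3 observations with the access a Tenant Guest user should have."""

# Expected result per operation, taken from the two verification bullets in step 3.
# Operation names are labels chosen for this example, not OBS API names.
EXPECTED_ALLOWED = {
    "list_buckets": True,
    "view_bucket_info": True,
    "create_bucket": False,
    "delete_bucket": False,
    "list_objects": True,
    "download_object": True,
    "upload_object": False,
    "delete_object": False,
}


def classify(status):
    """Map an HTTP status to 'allowed', 'denied' or 'inconclusive' (assumed mapping)."""
    if 200 <= status < 300:
        return "allowed"
    if status == 403:
        return "denied"
    return "inconclusive"  # e.g. 404 or 5xx says nothing about permissions


def audit(observed):
    """Return {operation: finding} for each operation that deviates from the matrix."""
    findings = {}
    for op, should_allow in EXPECTED_ALLOWED.items():
        if op not in observed:
            findings[op] = "not tested"
            continue
        result = classify(observed[op])
        if result == "inconclusive":
            findings[op] = "inconclusive (HTTP %d)" % observed[op]
        elif result == "allowed" and not should_allow:
            findings[op] = "over-privileged"
        elif result == "denied" and should_allow:
            findings[op] = "permission not in effect"
    return findings


# Constructed sample: statuses recorded for a user who was also placed in a
# second group that grants write access to objects.
SAMPLE = {
    "list_buckets": 200, "view_bucket_info": 200, "create_bucket": 403,
    "delete_bucket": 403, "list_objects": 200, "download_object": 200,
    "upload_object": 200, "delete_object": 204,
}

if __name__ == "__main__":
    for op, finding in audit(SAMPLE).items():
        print(op, "->", finding)
```

An empty result means the observed access matches Tenant Guest exactly. An "over-privileged" finding usually points to the user belonging to another group or to a bucket-level grant.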