Authorizing a Third Party to Upload Objects
Scenarios
If a third-party user does not have the upload permission, you can grant temporary permissions to them for accessing OBS and uploading objects within a validity period. For example, some companies have user management systems that manage app users and local users. These users do not have IAM user permissions, so you can grant temporary permissions to allow these users to temporarily access OBS.
Use either of the following methods:
- Temporary security credentials
- A temporary URL
Important Notes
Method |
Description |
---|---|
Temporary security credentials |
The validity period of temporary security credentials is from 15 minutes to 24 hours. |
When obtaining temporary security credentials, you can send the policy parameter to request for the least temporary permissions that can be granted to IAM users. |
|
Temporary URL |
Only the bucket owner can grant a temporary URL to others. If the owner changes the validity period of a URL, OBS obtains the authentication information again to generate a new URL. |
The obs:PutObject permission is required for uploading an object using a temporary URL. |
Using Temporary Security Credentials to Grant Upload Permissions
You can assign temporary security credentials (including an AK, an SK, and a security token) to a third-party application or an IAM user, so that they can access OBS only for a specified period of time.
The temporary AK/SK and the security token must be used together to call an API for authentication and the x-obs-security-token field must be added to the request header.
For details, see Accessing OBS Using Temporary Access Keys.
Using a Temporary URL to Grant Upload Permissions
ObsClient allows you to create a URL with Query parameters that carry authentication information by specifying the security credentials, request method, and request parameters. You can share this URL with other users for them to make a temporary access. You need to specify the validity period of the temporary URL to restrict the allowed access duration.
Temporary URLs allow third-party users to upload objects without security credentials or authorization. OBS stores the objects uploaded by third-party users in a specified bucket.
For details, see Accessing OBS Using a Temporary URL.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot