Updated on 2024-08-15 GMT+08:00

Typical Permissions Scenarios

The permissions settings for typical scenarios are provided to facilitate permissions management.

You need to consider the following factors before configuring permissions:

  1. Who is granted access: a single IAM user, multiple IAM users or user groups, other accounts, or anonymous users
  2. What resources will be accessed: all OBS resources (service-level permissions), specified buckets, or specified objects
  3. What permissions are granted: basic permissions, such as read and read/write permissions, or customized permissions

OBS provides various permission control methods for different scenarios. The following figure can help you quickly find the best method for your needs.

Figure 1 Typical permissions scenarios

The following table lists the typical scenarios for your reference.

Table 1 Typical permission configuration scenarios

| Scenario | Quick Links for Permission Configuration |
| --- | --- |
| Granting permissions to a single IAM user under the current account | Granting an IAM User the Permissions to Create and List Buckets |
| | Granting an IAM User the Read/Write Permission on a Bucket |
| | Granting an IAM User the Specified Permissions for a Bucket |
| | Granting an IAM User the Read Permissions on Specific Objects |
| | Granting an IAM User the Specified Permissions on Specified Objects |
| Granting permissions to multiple IAM users or user groups under the current account | Granting IAM User Groups All Permissions for All OBS Resources |
| | Granting IAM User Groups Basic Permissions for All OBS Resources |
| | Granting IAM User Groups the Specified Permissions for All OBS Resources |
| | Granting IAM User Groups the Specified Permissions for Certain OBS Resources |
| Granting permissions to other accounts | Granting Other Accounts the Read/Write Permission for a Bucket |
| | Granting Other Accounts the Specified Permissions for a Bucket |
| | Granting IAM Users Under an Account the Access to a Bucket and the Resources in It |
| | Granting Other Accounts the Read Permission for Certain Objects |
| | Granting Other Accounts the Specified Permissions for Certain Objects |
| Granting permissions to all accounts | Granting All Accounts the Public Read Permission for a Bucket |
| | Granting All Accounts the Read Permission for a Directory |
| | Granting All Accounts the Read Permission for Certain Objects |
| | Temporarily Sharing Objects with All Accounts |
| Granting temporary permissions | Granting Temporary Access to OBS |
| Using enterprise projects to isolate resources | Allowing IAM Users to View Only Authorized Buckets |
| Restricting access to specified IP addresses | Restricting Access to a Bucket for Specific IP Addresses |