Updated on 2025-08-04 GMT+08:00

Typical Permissions Scenarios

The permissions settings for typical scenarios are provided to facilitate permissions management.

You need to consider the following factors before configuring permissions:

  1. Who are granted access: A single IAM user, multiple IAM users or user groups, other accounts, or anonymous users
  2. What resources will be accessed: All OBS resources (service-level permissions), specified buckets, or specified objects
  3. What permissions are granted: Basic permissions, such as read and read/write permissions, or customized permissions

OBS provides various permission control methods for different scenarios. The following figure can help you quickly find the best method for your needs.

Figure 1 Typical permissions scenarios

The following table lists the typical scenarios for your reference.

Table 1 Typical permission configuration scenarios

Scenario

Quick Links for Permission Configuration

Granting permissions to a single IAM user under the current account

Granting an IAM User the Permissions to Create and List Buckets

Granting an IAM User the Read/Write Permission on a Bucket

Granting an IAM User the Specified Permissions for a Bucket

Granting an IAM User the Read Permissions on Specific Objects

Granting an IAM User the Specific Permissions on Specific Objects

Granting permissions to multiple IAM users or user groups under the current account

Granting IAM User Groups All Permissions on All OBS Resources

Granting IAM User Groups Basic Permissions on All OBS Resources

Granting IAM User Groups Specific Permissions for All OBS Resources

Granting IAM User Groups Specific Permissions on Specific OBS Resources

Granting permissions to other accounts

Granting Other Accounts the Read/Write Permission for a Bucket

Granting Other Accounts the Specified Permissions for a Bucket

Granting IAM Users Under an Account the Access to a Bucket and the Resources in It

Granting Other Accounts the Read Permission for Certain Objects

Granting Other Accounts Specific Permissions for Specific Objects

Granting permissions to all accounts

Granting All Accounts the Public Read Permission for a Bucket

Granting All Accounts the Read Permission for a Directory

Granting All Accounts the Read Permission for Certain Objects

Temporarily Sharing Objects with All Accounts

Granting temporary permissions

Granting Temporary Access to OBS

Using enterprise projects to isolate resources

Allowing IAM Users to View Only Authorized Buckets

Restricting access to specified IP addresses

Restricting Access to a Bucket for Specific IP Addresses