Creating an IAM User and Granting OBS Permissions
You can use IAM for fine-grained access control over your OBS resources. With IAM, you can:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing OBS resources.
- Manage permissions on a principle of least permissions (PoLP) basis.
- Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your OBS resources.
If your Huawei Cloud account does not require individual IAM users, skip this chapter.
Figure 1 shows the procedure for granting permissions.
Prerequisites
You have learned about the OBS permissions that can be assigned to a user group.
Process
The example here describes how to grant an IAM user the Tenant Guest permission for OBS.
- Create a user group and assign permissions.
Create a user group on the IAM console and assign the group the Tenant Guest permission.
- Create an IAM user and add it to the user group.
Create a user on the IAM console and add the user to the group created in 1.
- Log in to the console and verify permissions.
Log in to OBS Console using the newly created user, and verify that the assigned permission has taken effect:
- Choose Object Storage Service from the service list to go to the OBS homepage. If the list of buckets is displayed and you can view the basic information about any bucket, but you cannot create or delete buckets or perform any other operations, the granted Tenant Guest permission has already taken effect.
- Go to an OBS bucket. If the list of objects is displayed and you can download objects, but you cannot upload or delete objects or perform any other operations, the Tenant Guest permission granted has already taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot