Creating an IAM User and Granting OBS Permissions
You can use IAM for fine-grained access control over your OBS resources. With IAM, you can:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing OBS resources.
- Manage permissions based on the principle of least privilege (PoLP).
- Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your OBS resources.
If your Huawei Cloud account does not require individual IAM users, skip this chapter.
Figure 1 shows the procedure for granting permissions.
Prerequisites
You have learned about the OBS permissions that can be assigned to a user group.
Process
The example here describes how to grant an IAM user the Tenant Guest permission for OBS.
1. Create a user group and assign permissions.
   Create a user group on the IAM console, and assign the Tenant Guest permission to it.
2. Create an IAM user and add it to the user group.
   Create a user on the IAM console and add it to the user group created in step 1.
3. Log in to the console and verify permissions.
   Log in to the OBS Console as the created user and verify the assigned permission.
   - If you can view the bucket list of the account and can click any bucket to obtain its basic information, but you cannot create or delete buckets or perform any other operations, the Tenant Guest permission is in effect.
   - Go to an OBS bucket. If you can view the object list and can download objects, but you cannot upload or delete objects or perform any other operations, the Tenant Guest permission is in effect.
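The verification step above can also be run as a repeatable check that reports access beyond Tenant Guest as well as missing access. This is an added example, not Huawei Cloud code: the operation labels, `AccessDenied`, `verify` and `fake_probes` are hypothetical names, and the fake probes are constructed stand-ins for real calls made with the IAM user's credentials against a disposable test bucket.

```python
from typing import Callable, Dict, List, Set

# Expected result per operation for Tenant Guest, from the verification step above.
# Operation names are labels chosen for this example, not OBS API names.
EXPECTED = {
    "list_buckets": True, "get_bucket_info": True,
    "list_objects": True, "download_object": True,
    "create_bucket": False, "delete_bucket": False,
    "upload_object": False, "delete_object": False,
}

class AccessDenied(Exception):
    """A probe raises this when the service refuses the call as unauthorized."""

def verify(probes: Dict[str, Callable[[], None]]) -> Dict[str, List[str]]:
    """Run each probe as the IAM user and sort deviations from EXPECTED."""
    findings = {"excess": [], "missing": [], "inconclusive": []}
    for op, should_allow in EXPECTED.items():
        probe = probes.get(op)
        if probe is None:
            findings["inconclusive"].append(op)   # never tested
            continue
        try:
            probe()
            allowed = True
        except AccessDenied:
            allowed = False
        except Exception:
            findings["inconclusive"].append(op)   # timeout etc. proves nothing
            continue
        if allowed and not should_allow:
            findings["excess"].append(op)         # more than Tenant Guest grants
        elif should_allow and not allowed:
            findings["missing"].append(op)        # expected read access is absent
    return findings

def fake_probes(granted: Set[str]) -> Dict[str, Callable[[], None]]:
    """Constructed stand-in for real calls: ops outside `granted` are denied."""
    def make(op):
        def probe():
            if op not in granted:
                raise AccessDenied(op)
        return probe
    return {op: make(op) for op in EXPECTED}

if __name__ == "__main__":
    read_only = {op for op, ok in EXPECTED.items() if ok}
    print(verify(fake_probes(read_only)))                      # clean result
    print(verify(fake_probes(read_only | {"upload_object"})))  # flags excess
```

Tenant Guest is in effect only when all three lists are empty; an entry under `excess` means the user belongs to a group with broader permissions than intended.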