Updated on 2024-03-04 GMT+08:00

Overview

OBS supports the following permission control mechanisms:

  • IAM policies: IAM policies define the actions that can be performed on your cloud resources. In other words, IAM policies specify what actions are allowed or denied.
  • Bucket policies and object policies:

    A bucket policy applies to the configured bucket and objects in the bucket. A bucket owner can use a bucket policy to grant permissions of buckets and objects in the buckets to IAM users or other accounts.

    In a bucket policy applied to a VDC read-only administrator, only read permissions (such as the permissions for listing or downloading objects) take effect. VDC read-only administrators cannot modify resources.

    An object policy applies to specified objects in a bucket.

  • Access control lists (ACLs): Control the read and write permissions for accounts. You can set ACLs for buckets and objects.