For example, to grant permissions to an IAM user for buckets whose names start with TestBucket, create a custom policy, specify the resource path as OBS:*:*:bucket:TestBucket*, and attach the policy to the user.
"Condition": { "StringEquals": { "obs:prefix": [ "public" ] } } Resource No Array of strings Cloud resource. NOTE: Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
OBS does not support API access control policies. To restrict access to OBS resources, see Restricting Bucket Access to Specified IP Addresses. If none of the preceding scenarios apply, modify your API access control policy.
OBS Operator OBS OperateAccess OBS Viewer OBS ReadOnlyAccess RDS RDS Admin RDS FullAccess RDS DBA RDS ManageAccess RDS Viewer RDS ReadOnlyAccess RES RES Admin RES FullAccess RES Viewer RES ReadOnlyAccess ROMA Connect ROMA Admin ROMA FullAccess ROMA Viewer ROMA ReadOnlyAccess SCM
bucket:ListAllMybuckets", "obs:bucket:HeadBucket", "obs:bucket:ListBucket", "obs:bucket:GetBucketLocation" ], "Resource": [
Cause: The service (such as OBS) provides separate permissions control. Grant the user permissions by referring to the service documentation. For example, see Introduction to OBS Permission Control.
For example, obs:*:*:bucket:* indicates all OBS buckets. For details about cloud services that support resource-level authorization, see Cloud Services that Support Resource-Level Authorization Using IAM. The region segment can be * or a region accessible to the user.
For example, obs:*:*:bucket:* indicates all OBS buckets. The region segment can be * or a region accessible to the user. The service must exist and the specified resource must belong to the service.
Responsibility Permissions Description Accounting team Project expenditure management Enterprise Project BSS FullAccess Permissions for accounting management of enterprise projects Development team Project development ECS FullAccess Full permissions for Elastic Cloud Server (ECS) OBS
For example, if you grant OBS permissions to an IAM user, the user can access OBS resources in all region-specific projects.
OBS 2.0 Supported Federated Identity Authentication Huawei Cloud provides the identity provider function to implement federated identity authentication based on SAML.
To store operation records for longer than seven days, you must configure transfer to OBS or Log Tank Service (LTS) so that you can view them in OBS buckets or LTS log groups.
If the IAM user can view the bucket list and query bucket locations on the OBS console but cannot create OBS buckets, the OBS OperateAccess permissions have been configured successfully.
Example: obs:bucket:ListAllMybuckets: Permissions for listing all OBS buckets. View all actions of the service in its API Reference, for example, see Supported Actions of OBS. Condition Determines when a policy takes effect.
For example, obs:*:*:bucket:* indicates any OBS bucket. Specifying object resources Format: "OBS:*:*:object:Bucket name/object name". For object resources, IAM automatically generates the prefix of the resource path: obs:*:*:object:.
allowed to perform action obs:bucket:CreateBucket on OBS bucket OBS:*:*:bucket:prefix_test_user_name_suffix ("*" is a wildcard character). { "Version": "1.1", "Statement": [{ "Effect": "Allow", "Action": [ "obs:bucket:CreateBucket" ], "Resource": [ "OBS:*:*:bucket:
NOTE: Taking the condition in the sample request as an example, the value of the condition key (obs:prefix) must be equal (StringEquals) to the string (public).