检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Restrictions To configure a storage class for a bucket, you must be the bucket owner or have the required permission (obs:PutBucketStoragePolicy in IAM or PutBucketStoragePolicy in a bucket policy).
For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy. The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
Restrictions To obtain the storage information of a bucket, you must be the bucket owner or have the required permission (obs:bucket:GetBucketStorage in IAM or GetBucketStorage in a bucket policy).
Restrictions To configure BPA for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketPublicAccessBlock in IAM or PutBucketPublicAccessBlock in a bucket policy).
Restrictions To delete an object, you must be the bucket owner or have the required permission (obs:object:DeleteObject in IAM or DeleteObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To abort a multipart upload, you must be the bucket owner or have the required permission (obs:object:AbortMultipartUpload in IAM or AbortMultipartUpload in a bucket policy).
Restrictions To rename an object, you must be the PFS owner or have the required permission (obs:bucket:PutObject in IAM or PutObject in a policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To check whether an object exists, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To delete an object, you must be the bucket owner or have the required permission (obs:object:DeleteObject in IAM or DeleteObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To delete the lifecycle configuration of a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutLifecycleConfiguration in IAM or PutLifecycleConfiguration in a bucket policy).
Restrictions To obtain the BPA configuration of a bucket, you must be the bucket owner or have the required permission (obs:bucket:GetBucketPublicAccessBlock in IAM or GetBucketPublicAccessBlock in a bucket policy).
For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy. The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
IAM Permission Configuration Examples Example 1: Grant a user the permissions required to download dir_1, excluding its subdirectories. In the following configuration, the resource path ends with a slash (/).
If SSE-KMS is enabled for a bucket or the objects in it, you must have the kms:cmk:get, kms:cmk:list, kms:cmk:create, kms:dek:create, and kms:dek:crypto permissions granted by using IAM, so that you can upload objects to or download objects from this the bucket.
Constraints Permissions Online decompression requires that you create an IAM agency to delegate OBS to access data in the bucket. The permissions the agency should assign to OBS include obs:object:PutObject, obs:object:GetObject, and obs:object:AbortMultipartUpload.
Restrictions To upload an object, you must be the bucket owner or have the required permission (obs:object:PutObject in IAM or PutObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To upload an object, you must be the bucket owner or have the required permission (obs:object:PutObject in IAM or PutObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
To configure a storage quota for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketQuota in IAM or PutBucketQuota in a bucket policy).
Restrictions To abort a multipart upload, you must be the bucket owner or have the required permission (obs:object:AbortMultipartUpload in IAM or AbortMultipartUpload in a bucket policy).
IAM is recommended for granting permissions. For details, see IAM Custom Policies. The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
