Restrictions: To delete bucket tags, you must be the bucket owner or have the required permission (obs:bucket:DeleteBucketTagging in IAM or DeleteBucketTagging in a bucket policy).
Restrictions: To obtain the bucket tags, you must be the bucket owner or have the required permission (obs:bucket:GetBucketTagging in IAM or GetBucketTagging in a bucket policy).
What Are the Differences Between an IAM Permission and a Bucket Policy in Access Control? Why Is the Message "Access denied" Still Appearing After OBS System Permissions Are Allowed?
Both IAM permissions and bucket policies can include deny statements, so you need to check these configurations separately. Checking IAM permissions: Log in to the IAM console. On the Users page, search for the name of the user that could not access OBS.
Before configuring an IAM policy, you need to understand what permissions are required. An IAM user only has the permissions defined by the policy. In this example, user APPServer only has full permissions on objects in the APPClient folder.
Restrictions: To rename an object, you must be the PFS owner or have the required permission (obs:bucket:PutObject in IAM or PutObject in a policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Access control: You can use IAM permissions, bucket policies, bucket ACLs, and object ACLs to implement refined access control over buckets and objects.
a Bucket Granting an IAM User the Specified Permissions for a Bucket Granting an IAM User the Read Permissions on Specific Objects Granting an IAM User the Specific Permissions on Specific Objects Granting permissions to multiple IAM users or user groups under the current account
Separation of duties: Assign different IAM users to manage resources and permissions. For example, you can let one IAM user assign permissions, and let another IAM user manage OBS resources.
Creating a HUAWEI ID and Enabling Huawei Cloud Services IAM user Optional.
IAM user name Yes Name of the IAM user created by your Huawei Cloud account or HUAWEI ID. To view an IAM username, see Obtaining IAM User Information.
Figure 1: My Credentials. On the API Credentials page, view the account name, account ID, IAM user name, IAM user ID, project name, and project ID. The project ID varies depending on the region where your service is located.
Enter the account ID and IAM user ID in the format of Account ID/IAM user ID. To specify multiple IAM users, enter each one on a separate line. An asterisk (*) indicates all accounts or IAM users. NOTE: The account ID and IAM user ID can be obtained on the My Credentials page.
Use an IAM user. Specifically, use a Huawei account to log in to the Huawei Cloud console, create an IAM user, and grant the IAM user necessary permissions.
Permission Configuration in Typical Scenarios Typical Permissions Scenarios Granting Permissions to an IAM User Under the Current Account Granting Permissions to Multiple IAM Users or User Groups Under the Current Account Granting Permissions to Other Accounts Granting Permissions
Table 1 OBS access control Method Description Reference Permission control IAM permissions IAM permissions define which actions on your cloud resources are allowed or denied.
To mitigate such risks, you can use IAM Permissions to implement fine-grained permissions management.