For details, see Creating an IAM User. The administrator of department A needs to perform operations such as creating buckets and configuring bucket policies.
For details about how to obtain the tenant ID, see Obtaining Account, IAM User, Project, User Group, Region, and Agency Information.
For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy. The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
Restrictions: To obtain the public access status of a bucket, you must be the bucket owner or have the required permission (obs:bucket:GetBucketPublicStatus in IAM or GetBucketPublicStatus in a bucket policy).
In the following example, IAM user ID of bucket owner is the IAM user ID of the bucket owner.
Table 5 GetBucketLoggingOutput
Parameter | Type | Description
RequestId | string | Explanation: Request ID returned by the OBS server
Agency | string | Explanation: Name of the IAM agency created by the owner of the target bucket for OBS. You can select an existing IAM agency or create one.
The default key is not region-specific or IAM user-specific. All IAM users under a HUAWEI ID share the same default key in all regions. Custom CMKs only support the AES-256 and SM4 algorithms. For cross-account access, use custom keys for SSE-KMS.
Grant each department the required IAM user permissions and use bucket policies to grant the IAM users independent permissions on resources. Add external buckets on OBS Browser+ to isolate bucket resources between departments.
If SSE-KMS is enabled for a bucket, the kms:cmk:get, kms:cmk:list, kms:cmk:create, kms:dek:create, kms:dek:crypto, and kms:dek:crypto permissions must be configured for the IAM agency for OBS. Others Back to source by mirroring is free now.
Allocate IAM users with different roles to each department and use bucket policies to grant the IAM users independent permissions on resources. Add external buckets on OBS Browser+ to isolate bucket resources between departments.
IAM is recommended for granting permissions. For details, see IAM Custom Policies. The mapping between OBS regions and endpoints must comply with what is listed in Regions and Endpoints.
IAM Agency Select an IAM agency of OBS, with the OBS OperateAccess permission assigned. If no such agency is available, create one. Click OK. The online decompression policy is created.
The permissions granted to an account are also applied to its IAM users. ACLs are not as fine-grained as bucket policies or IAM policies. It is recommended that you use IAM permissions and bucket policies for access control.
Grant permissions to an IAM user.
owner = Owner(owner_id='ownerid') # Grant the read and write permissions to an IAM user (userid).
Restrictions: To obtain an object ACL, you must be the bucket owner or have the required permission (obs:object:GetObjectAcl in IAM or GetObjectAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
If no such IAM agency is available, create one by referring to Creating an Agency for Back to Source.
To perform this operation, the user must be the bucket owner or the bucket owner's IAM user that has permissions required for deleting bucket policies. The 204 error code "No Content" is returned regardless of whether a requested bucket policy exists or not.
When an IAM user initiates a request, this parameter value is the ID of the account where the IAM user belongs. When an anonymous user initiates a request, this parameter value is Anonymous.
Where Can I Obtain an IAM User ID? Can I Install Two OBS Browser+ Tools from Different Sites in One System? What Are the Differences Between OBS Browser+ and OBS Browser? Does OBS Browser+ Support the Migration of Account and Task Information from OBS Browser?