vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/perms-cfg/obs_40_0011.html
zhangyue 32b9354795 OBS PERMS DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-04-18 07:48:10 +00:00

94 lines
8.5 KiB
HTML
Raw Blame History

<a name="obs_40_0011"></a><a name="obs_40_0011"></a>
<h1 class="topictitle1">Typical Permission Control Scenarios</h1>
<div id="body1588765301378"><p id="obs_40_0011__p208051717135517">The following typical scenarios are provided to help you better configure OBS permission control.</p>
<p id="obs_40_0011__p450012614259">Factors to consider before configuring permission control:</p>
<ol id="obs_40_0011__ol838416464318"><li id="obs_40_0011__li1238424174319"><strong id="obs_40_0011__b20514845194711">Who are granted</strong>: Grantees can be a single IAM user, multiple IAM users or user groups, other accounts, and anonymous users.</li><li id="obs_40_0011__li1589648104320"><strong id="obs_40_0011__b1147712564478">What resources will be accessed</strong>: Such resources can be all OBS resources (requiring service-level permissions), specified buckets, and specified objects.</li><li id="obs_40_0011__li9359217184615"><strong id="obs_40_0011__b7610105485">What permissions are granted</strong>: In addition to configure basic permissions, such as read and read/write permissions, you can also customize permissions based on your needs.</li></ol>
<p id="obs_40_0011__p15476185084820">OBS provides various permission control mechanisms for different scenarios. The following figure can help you quickly find the best method that matches your requirements.</p>
<div class="fignone" id="obs_40_0011__fig948112311130"><span class="figcap"><b>Figure 1 </b>Typical permission scenarios</span><br><span><img id="obs_40_0011__image144815310137" src="en-us_image_0000001254687479.png"></span></div>
<p id="obs_40_0011__p13461202015411">The following table lists the permission control cases in typical scenarios for your reference.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0011__table5166203464617" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuration cases in typical scenarios</caption><thead align="left"><tr id="obs_40_0011__row12166143413462"><th align="left" class="cellrowborder" valign="top" width="27.72%" id="mcps1.3.7.2.3.1.1"><p id="obs_40_0011__p71661934154618">Scenario</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="72.28%" id="mcps1.3.7.2.3.1.2"><p id="obs_40_0011__p16166103434612">Configuration Case</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_40_0011__row41661034204612"><td class="cellrowborder" rowspan="5" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1016620343468">Granting permissions to an IAM user under the current account</p>
</td>
<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p0166143484615"><a href="obs_40_0014.html">Granting an IAM User the Permissions Required to List and Create Buckets</a></p>
</td>
</tr>
<tr id="obs_40_0011__row10166113411469"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p6166113413467"><a href="obs_40_0015.html">Granting an IAM User the Read and Write Permissions on a Bucket</a></p>
</td>
</tr>
<tr id="obs_40_0011__row616643416467"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p516603413468"><a href="obs_40_0016.html">Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket</a></p>
</td>
</tr>
<tr id="obs_40_0011__row916617344466"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p5166103444612"><a href="obs_40_0017.html">Granting an IAM User the Read Permission on a Specific Object</a></p>
</td>
</tr>
<tr id="obs_40_0011__row161661234184618"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p181667345467"><a href="obs_40_0018.html">Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects</a></p>
</td>
</tr>
<tr id="obs_40_0011__row1116683419469"><td class="cellrowborder" rowspan="4" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p201661934174616">Granting permissions to multiple IAM users or user groups under the current account</p>
</td>
<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p1316673411468"><a href="obs_40_0020.html">Granting IAM User Groups All Permissions on All OBS Resources</a></p>
</td>
</tr>
<tr id="obs_40_0011__row2166163419466"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p816673494612"><a href="obs_40_0021.html">Granting IAM User Groups Basic Permissions on All OBS Resources</a></p>
</td>
</tr>
<tr id="obs_40_0011__row158760195713"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p16886010576"><a href="obs_40_0022.html">Granting IAM User Groups Specified Permissions on All OBS Resources</a></p>
</td>
</tr>
<tr id="obs_40_0011__row14565103216579"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p756563255710"><a href="obs_40_0023.html">Granting IAM User Groups Specified Permissions on Certain OBS Resources</a></p>
</td>
</tr>
<tr id="obs_40_0011__row19214163615570"><td class="cellrowborder" rowspan="5" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1521111362571">Granting permissions to other accounts</p>
</td>
<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p221111364578"><a href="obs_40_0025.html">Granting an Account the Read and Write Permissions on a Bucket</a></p>
</td>
</tr>
<tr id="obs_40_0011__row15213736195717"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p102111236155710"><a href="obs_40_0026.html">Granting an Account the Specified Permissions on a Bucket</a></p>
</td>
</tr>
<tr id="obs_40_0011__row74361952195611"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p17500721185617"><a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a></p>
</td>
</tr>
<tr id="obs_40_0011__row12131836195711"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p1821111366579"><a href="obs_40_0028.html">Granting an Account Read Permissions on Certain Objects</a></p>
</td>
</tr>
<tr id="obs_40_0011__row237901617583"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p637811163586"><a href="obs_40_0029.html">Granting an Account the Specified Permissions on Certain Objects</a></p>
</td>
</tr>
<tr id="obs_40_0011__row9379111605813"><td class="cellrowborder" rowspan="4" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p43781316155819">Granting permissions to anonymous users</p>
</td>
<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p5378191611588"><a href="obs_40_0031.html">Granting Anonymous Users Public Read Permissions on a Bucket</a></p>
</td>
</tr>
<tr id="obs_40_0011__row17665101919589"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p15664171965816"><a href="obs_40_0032.html">Granting Anonymous Users Public Read Permissions on a Directory</a></p>
</td>
</tr>
<tr id="obs_40_0011__row166501995815"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p7664101918588"><a href="obs_40_0033.html">Granting Anonymous Users Public Read Permissions on Certain Objects</a></p>
</td>
</tr>
<tr id="obs_40_0011__row148469160595"><td class="cellrowborder" valign="top" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p12844121685912"><a href="obs_40_0034.html">Temporarily Sharing Objects with Anonymous Users</a></p>
</td>
</tr>
<tr id="obs_40_0011__row18593917167"><td class="cellrowborder" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p12693971611">Granting temporary permissions</p>
</td>
<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p46139121619"><a href="obs_40_0037.html">Granting Temporary Access to OBS</a></p>
</td>
</tr>
<tr id="obs_40_0011__row19316192981419"><td class="cellrowborder" valign="top" width="27.72%" headers="mcps1.3.7.2.3.1.1 "><p id="obs_40_0011__p2084451620593">Restricting access to specified IP addresses</p>
</td>
<td class="cellrowborder" valign="top" width="72.28%" headers="mcps1.3.7.2.3.1.2 "><p id="obs_40_0011__p555917422118"><a href="obs_40_0036.html">Preventing Specific IP Addresses from Accessing a Bucket</a></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
View Git Blame Copy Permalink