doc-exports/docs/obs/perms-cfg/obs_40_0026.html

<a name="obs_40_0026"></a><a name="obs_40_0026"></a>

<h1 class="topictitle1">Granting an Account the Specified Permissions on a Bucket</h1>
<div id="body1588765301379"><div class="section" id="obs_40_0026__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0026__p122729624518">This topic describes how to grant other accounts (excluding the IAM users under them) specific operation permissions on OBS buckets. For details about how to grant permissions to an IAM user, see <a href="obs_40_0027.html">Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket</a>.</p>
<p id="obs_40_0026__p3431154410448">The following example explains how to grant the permissions to configure a bucket ACL and obtain the bucket ACL configuration information. If you need to configure other permissions, select the corresponding actions from the <strong id="obs_40_0026__b8042834446010">Action Name</strong> drop-down list in the bucket policy. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
</div>
<div class="section" id="obs_40_0026__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0026__p103657437515">You are advised to use bucket policies to grant permissions to other accounts.</p>
</div>
<div class="section" id="obs_40_0026__section786219432319"><h4 class="sectiontitle">Configuration Precautions</h4><p id="obs_40_0026__p119511212513">After the configuration is complete, the authorized account can configure and obtain a bucket ACL by using APIs or SDKs or by adding external buckets through OBS Browser+. To do this by adding external buckets, the <strong id="obs_40_0026__b74571950993">ListBucket</strong> permission is also required. Currently, access to buckets of other accounts is not allowed on OBS Console.</p>
</div>
<div class="section" id="obs_40_0026__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0026__ol170633855216"><li id="obs_40_0026__li973618915320"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0026__b55631234145812">Object Storage</strong>.</span></li><li id="obs_40_0026__li11242915363"><span>In the bucket list, click the bucket name you want to go to the <strong id="obs_40_0026__b9925184715356">Overview</strong> page.</span></li><li id="obs_40_0026__li13508181724617"><span>In the navigation pane, choose <strong id="obs_40_0026__b66631832104415">Permissions</strong>.</span></li><li id="obs_40_0026__li49461065486"><span>On the <strong id="obs_40_0026__b271214281818">Bucket Policies</strong> page, click <strong id="obs_40_0026__b9712728817">Create Bucket Policy</strong> under <strong id="obs_40_0026__b27121128911">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0026__li1470617571214"><span>Configure parameters for a bucket policy.</span><p><div class="fignone" id="obs_40_0026__fig195023162719"><span class="figcap"><b>Figure 1 </b>Configuring parameters for a bucket policy</span><br><span><img id="obs_40_0026__image19950839279" src="en-us_image_0000001385862242.png"></span></div>

<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0026__table3706135201215" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0026__row2070620591220"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.4.2.5.2.2.2.3.1.1"><p id="obs_40_0026__p1770714531211"><strong id="obs_40_0026__b15223315836010">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="73.11999999999999%" id="mcps1.3.4.2.5.2.2.2.3.1.2"><p id="obs_40_0026__p47078561217"><strong id="obs_40_0026__b1703679296010">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="obs_40_0026__row3707105161213"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0026__p1270710541217">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0026__p1070720571218">Select <strong id="obs_40_0026__b12344617206010">Customized</strong>.</p>
</td>
</tr>
<tr id="obs_40_0026__row0282443111316"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0026__p1528214351316">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0026__p628264361310">Select <strong id="obs_40_0026__b10061445106010">Allow</strong>.</p>
</td>
</tr>
<tr id="obs_40_0026__row27071453128"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0026__p9707195171215">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0026__ul1770715511217"><li id="obs_40_0026__li1070775131213">Select <strong id="obs_40_0026__b7291505406010">Include</strong> &gt; <strong id="obs_40_0026__b10479822166010">Other account</strong>.</li><li id="obs_40_0026__li117071512129"><strong id="obs_40_0026__b178541856510">Account ID</strong>: Enter the ID of the account which you want to grant permissions to. You can obtain it from the <strong id="obs_40_0026__b685455165119">My Credentials</strong> page of the account.</li><li id="obs_40_0026__li4707175171214"><strong id="obs_40_0026__b1089715764919">User ID</strong>: Enter the account ID, which can be obtained from the <strong id="obs_40_0026__b1457188676010">My Credentials</strong> page of the account.<div class="note" id="obs_40_0026__note8498202544611"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0026__p15498192594615">In this example, permissions are granted to an account, excluding any IAM user under the account. Therefore, the user ID is the same as the account ID.</p>
</div></div>
</li></ul>
</td>
</tr>
<tr id="obs_40_0026__row187079581216"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0026__p47071520126">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><p id="obs_40_0026__p134612281416">Select <strong id="obs_40_0026__b18836348556010">Include</strong> &gt; <strong id="obs_40_0026__b14193132186010">Entire bucket</strong>.</p>
</td>
</tr>
<tr id="obs_40_0026__row16898181610148"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.4.2.5.2.2.2.3.1.1 "><p id="obs_40_0026__p989841691413">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.4.2.5.2.2.2.3.1.2 "><ul id="obs_40_0026__ul48235222144"><li id="obs_40_0026__li1182312214143"><strong id="obs_40_0026__b2448409546010">Include</strong></li><li id="obs_40_0026__li04383583015"><strong id="obs_40_0026__b83375192588">Action Name</strong>:<ul id="obs_40_0026__ul7641371302"><li id="obs_40_0026__li169323914306">PutBucketAcl</li><li id="obs_40_0026__li18964256174912">GetBucketAcl</li><li id="obs_40_0026__li1533815258143">ListBucket (required when the authorized account wants to access the OBS bucket on OBS Browser+ by mounting an external bucket)</li></ul>
</li></ul>
<p id="obs_40_0026__p13633153815312">To configure other permissions, select the corresponding actions. For details about the actions supported by OBS, see <a href="obs_40_0041.html#obs_40_0041__en-us_topic_0118394684_section1623516525350">Action/NotAction</a>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_40_0026__li1940154881411"><span>Click <strong id="obs_40_0026__b6119912276010">OK</strong>. The bucket policy is created.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0024.html">Granting Permissions to Other Accounts</a></div>
</div>
</div>