vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/umn/obs_03_0080.html
Hasko, Vladimir 342f52c5ae recreating obs_umn_0414 PR due to bug in gitea 
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
2023-05-03 14:54:25 +00:00

90 lines
9.3 KiB
HTML
Raw Blame History

<a name="obs_03_0080"></a><a name="obs_03_0080"></a>
<h1 class="topictitle1">Granting an IAM User with the Operation Permissions for a Specified Bucket</h1>
<div id="body1557026128761"><p id="obs_03_0080__p1919519475574">Create an IAM user under in an account. The IAM user has no permission to any resource before it is added to any user group. The bucket owner (root account) or other accounts and IAM users, who have the permission to set bucket policies, can configure bucket policies to grant the bucket operation permissions to IAM users.</p>
<p id="obs_03_0080__p2058382155214">The following is an example about how to authorize an IAM user with the bucket access and object upload permissions.</p>
<div class="section" id="obs_03_0080__section13279211683"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0080__ol549119194012"><li id="obs_03_0080__li99821455306"><span>In the bucket list, click the bucket you want to operate. The <strong id="obs_03_0080__obs_03_0307_b1395123914108">Overview</strong> page of the bucket is displayed.</span></li><li id="obs_03_0080__li2836319145514"><span>In the navigation pane, choose <strong id="obs_03_0080__obs_03_0142_b2055212481903">Permissions</strong>.</span></li><li id="obs_03_0080__li8120153165517"><span>Choose <strong id="obs_03_0080__b19801124353">Bucket Policies</strong> &gt; <strong id="obs_03_0080__b880311214357">Custom Bucket Policies</strong>.</span></li><li id="obs_03_0080__li81441540133419"><span>Click <strong id="obs_03_0080__b17165141553511">Create Bucket Policy</strong>. The <strong id="obs_03_0080__b61661215173517">Create Bucket Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0080__li17931032163517"><span>Set the following parameters to authorize the IAM user with the permission to access the bucket (listing objects in the bucket).</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0080__table7531653104420" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for authorizing the permission to access a specified bucket</caption><thead align="left"><tr id="obs_03_0080__row2532105311447"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.5.2.1.2.3.1.1"><p id="obs_03_0080__p16532195364414">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.5.2.1.2.3.1.2"><p id="obs_03_0080__p15532145310443">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0080__row953216536449"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0080__p1653265344417">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><p id="obs_03_0080__p95328538440"><strong id="obs_03_0080__b1110112013419">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0080__row16532753114417"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0080__p353219537448">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><p id="obs_03_0080__p5532353104418"><strong id="obs_03_0080__b28593984118">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0080__row115321753164415"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0080__p1553215538449">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><ul id="obs_03_0080__ul136938242519"><li id="obs_03_0080__li969532495111"><strong id="obs_03_0080__b3876161311416">Include</strong></li><li id="obs_03_0080__li12671786164"><strong id="obs_03_0080__b1990473219416">Cloud service user</strong>. Select the current account, and in the account, select the IAM user to be authorized.</li></ul>
</td>
</tr>
<tr id="obs_03_0080__row653285374414"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0080__p753212538444">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><ul id="obs_03_0080__ul964933612542"><li id="obs_03_0080__li564933617545"><strong id="obs_03_0080__b114011936104113">Include</strong></li><li id="obs_03_0080__li13501734155919">Leave it blank.</li></ul>
</td>
</tr>
<tr id="obs_03_0080__row18790945165418"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.1 "><p id="obs_03_0080__p12791194519544">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.5.2.1.2.3.1.2 "><ul id="obs_03_0080__ul815102155519"><li id="obs_03_0080__li161522195512"><strong id="obs_03_0080__b111006219426">Include</strong></li><li id="obs_03_0080__li13801149553">ListBucket</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0080__li20063255511"><span>Click <strong id="obs_03_0080__b710911519429">OK</strong>.</span></li><li id="obs_03_0080__li664901415562"><span>Click <strong id="obs_03_0080__b146502314327">Create Bucket Policy</strong>. The <strong id="obs_03_0080__b7661423153211">Create Bucket Policy</strong> dialog box is displayed.</span></li><li id="obs_03_0080__li16621126135610"><span>Set the following parameters to authorize the IAM user with the permission to upload objects to the bucket.</span><p><div class="note" id="obs_03_0080__note5130172785715"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0080__p20130152735713">Before authorizing the IAM user with the permission to operate objects, ensure that the user has the permission to access the bucket.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0080__table566311261565" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for authorizing the permission to upload objects</caption><thead align="left"><tr id="obs_03_0080__row16664826175610"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.8.2.2.2.3.1.1"><p id="obs_03_0080__p1466442615612">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.8.2.2.2.3.1.2"><p id="obs_03_0080__p1466516269566">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0080__row12665142619562"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.1 "><p id="obs_03_0080__p36664266562">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.2 "><p id="obs_03_0080__p14666152615562"><strong id="obs_03_0080__b05731729434">Customized</strong></p>
</td>
</tr>
<tr id="obs_03_0080__row3667132613567"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.1 "><p id="obs_03_0080__p1866732655612">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.2 "><p id="obs_03_0080__p966982619569"><strong id="obs_03_0080__b069971404315">Allow</strong></p>
</td>
</tr>
<tr id="obs_03_0080__row666915260561"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.1 "><p id="obs_03_0080__p8670112635619">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.2 "><ul id="obs_03_0080__ul1670726135620"><li id="obs_03_0080__li1567162695619"><strong id="obs_03_0080__b4431151714436">Include</strong></li><li id="obs_03_0080__li3879114663414"><strong id="obs_03_0080__b9572122074312">Cloud service user</strong>. Select the current account, and in the account, select the IAM user to be authorized.</li></ul>
</td>
</tr>
<tr id="obs_03_0080__row126721226135618"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.1 "><p id="obs_03_0080__p0673122685615">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.2 "><ul id="obs_03_0080__ul11674152619564"><li id="obs_03_0080__li1067452605618"><strong id="obs_03_0080__b20208923134312">Include</strong></li><li id="obs_03_0080__li167318513586">Resource name: <strong id="obs_03_0080__b97813328439">*</strong></li></ul>
</td>
</tr>
<tr id="obs_03_0080__row167522618569"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.1 "><p id="obs_03_0080__p1367692611568">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.8.2.2.2.3.1.2 "><ul id="obs_03_0080__ul176761226135619"><li id="obs_03_0080__li11676142635613"><strong id="obs_03_0080__b26261435184318">Include</strong></li><li id="obs_03_0080__li1567672613569">PutObject</li></ul>
<div class="note" id="obs_03_0080__note1250310062911"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_03_0080__p550314042918">In this example, only the permission to upload objects is granted. You can select multiple actions and granting other operation permissions to the IAM user The asterisk (*) indicates all operations.</p>
<p id="obs_03_0080__p131981634163011">For details about the supported actions, see <a href="obs_03_0051.html">Actions</a>.</p>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0080__li9679192645612"><span>Click <strong id="obs_03_0080__b65287386439">OK</strong>.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0127.html">Application Cases</a></div>
</div>
</div>
View Git Blame Copy Permalink