doc-exports/docs/obs/umn/obs_03_0081.html
weihongmin1 cd7925dbd2 OBS UMN 1210 Version
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
2025-12-10 14:10:07 +00:00

Granting Other Accounts Permissions to Operate a Specific Bucket

The bucket owner (root account), or any other account or IAM user that has permission to set bucket policies, can configure a bucket policy to grant bucket operation permissions to other accounts or to IAM users under other accounts.

The following example shows how to grant other accounts bucket access and object upload permissions.

To grant permissions to IAM users under other accounts, you need to configure both bucket policies and IAM policies.

  1. Configure a bucket policy to allow IAM users to access the bucket.
  2. Configure IAM policies in the account to which the authorized IAM users belong, to allow those IAM users to access the bucket.

Only permissions that are allowed by both the bucket policy and IAM policies can take effect.

Procedure

  1. In the bucket list, click the bucket you want to operate on to go to the Objects page.
  2. In the navigation pane, choose Permissions > Bucket Policies.
  3. Click Create.
  4. Configure the parameters listed in the table below to grant other accounts permission to access the bucket (to list objects in the bucket) and to upload objects.

    Table 1 Parameters for granting the object listing and upload permissions

    Parameter: Description

    Configuration method: Choose Visual Editor.

    Policy Name: Enter a custom name.

    Effect: Select Allow.

    Principal:
    • Select Other accounts.
    • If Other accounts is selected, enter the account ID and IAM user ID in the format of Account ID/IAM User ID. To specify multiple IAM users, enter each one on a separate line. An asterisk (*) indicates all accounts or IAM users.
      NOTE:
      The account ID and IAM user ID can be obtained on the My Credentials page of the account or user to be authorized. The following describes different authorization scenarios:
      • Granting permissions to all accounts and IAM users: Enter */*.
      • Granting permissions to an account and all IAM users under the account: Enter Account ID/*.
      • Granting permissions to a specific IAM user under an account: Enter Account ID/IAM user ID.

    Resources: Select Entire bucket (including the objects in it).

    Actions: Select Customize and then the ListBucket and PutObject actions.
      NOTE:
      In this example, only the actions for listing and uploading objects are selected. You can also select other actions to grant corresponding permissions if needed. The asterisk (*) indicates all actions.
      For details about the supported actions, see Actions.

  5. Click Create in the lower right corner.
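
A review helper for the Principal field and for the rule that only permissions allowed by both the bucket policy and the IAM policies take effect. This is an added example, not part of the OBS documentation or tooling. The function names, the alphanumeric ID pattern and the sample IDs are assumptions, and explicit Deny statements are not modeled.

```python
import re

# Assumption: IDs are alphanumeric; the page does not define their format.
ENTRY = re.compile(r"^(\*|[A-Za-z0-9]+)/(\*|[A-Za-z0-9]+)$")

def classify(entry):
    """Scope granted by one 'Account ID/IAM User ID' line."""
    m = ENTRY.match(entry.strip())
    if not m or (m.group(1) == "*" and m.group(2) != "*"):
        return "invalid"              # only the three documented forms pass
    if m.group(1) == "*":
        return "all-accounts"         # */*
    return "whole-account" if m.group(2) == "*" else "single-user"

def covers(entry, account_id, user_id):
    """True if the entry applies to the given account/user pair."""
    scope = classify(entry)
    if scope in ("invalid", "all-accounts"):
        return scope == "all-accounts"
    account, user = entry.strip().split("/")
    return account == account_id and user in ("*", user_id)

def review(field_text, actions):
    """(entry, scope, finding) for each non-empty line of the Principal field."""
    out = []
    for line in (l.strip() for l in field_text.splitlines() if l.strip()):
        scope = classify(line)
        if scope == "invalid":
            note = "not in a documented Account ID/IAM User ID form"
        elif scope == "all-accounts":
            note = "grants " + ", ".join(sorted(actions)) + " to every account"
        else:
            note = "ok"
        out.append((line, scope, note))
    return out

def effective_actions(entries, bucket_actions, iam_actions, account_id, user_id):
    """Actions allowed by both the bucket policy and the user's IAM policies."""
    if not any(covers(e, account_id, user_id) for e in entries):
        return set()
    if "*" in bucket_actions:         # asterisk means all actions
        return set(iam_actions)
    return set(bucket_actions) & set(iam_actions)

# Constructed sample values, not real account or user IDs.
FIELD = "acct0001/user0001\nacct0002/*\n*/*\nacct0003"
ACTIONS = {"ListBucket", "PutObject"}
```

Running `review(FIELD, ACTIONS)` before clicking Create shows which lines widen the grant beyond a single IAM user.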