yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
0b3a43371a4bcc99577594de0a685249d676a567
doc-exports/docs/obs/umn/obs_03_0037.html
zhangyue 19668ae97b OBS UMN DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2025-05-20 13:11:00 +00:00

127 lines
15 KiB
HTML
Raw Blame History

<a name="obs_03_0037"></a><a name="obs_03_0037"></a>
<h1 class="topictitle1">Creating an IAM Agency</h1>
<div id="body1530063787773"><p id="obs_03_0037__p73929984212">To use some OBS features, you need to use IAM agencies to grant required permissions to OBS for processing your data.</p>
<div class="section" id="obs_03_0037__section3206135419349"><h4 class="sectiontitle">Creating an Agency for Cross-Region Replication</h4><ol id="obs_03_0037__ol5996339393"><li id="obs_03_0037__li79915335394"><span>In the <strong id="obs_03_0037__b97842535191">Create Cross-Region Replication Rule</strong> dialog box on OBS Console, click <strong id="obs_03_0037__b6416168101819">View IAM Agencies</strong> to jump to the <strong id="obs_03_0037__b978975301917">Agencies</strong> page on the IAM console.</span></li><li id="obs_03_0037__li8991133123911"><span>Click <strong id="obs_03_0037__b186681916102018">Create Agency</strong>.</span></li><li id="obs_03_0037__li39953320399"><span>Enter an agency name.</span></li><li id="obs_03_0037__li69919331395"><span>Select <strong id="obs_03_0037__b5312917209">Cloud service</strong> for the <strong id="obs_03_0037__b193299207">Agency Type</strong>.</span></li><li id="obs_03_0037__li5348101652120"><span>Select <strong id="obs_03_0037__b19798152084215">OBS</strong> for <strong id="obs_03_0037__b1679972017420">Cloud Service</strong>.</span></li><li id="obs_03_0037__li1499163316396"><span>Select a validity period.</span></li><li id="obs_03_0037__li414616161288"><span>Click <strong id="obs_03_0037__b722348449101520">Next</strong>.</span></li><li id="obs_03_0037__li19397194820171"><span>On the <strong id="obs_03_0037__b20487163682016">Select Policy/Role</strong> page, click <strong id="obs_03_0037__b15487836112019">Create Policy</strong> in the upper right corner to create a custom policy.</span></li><li id="obs_03_0037__li1632423102016"><a name="obs_03_0037__li1632423102016"></a><a name="li1632423102016"></a><span>Enter a policy name and configure the policy content as follows:</span><p><ul id="obs_03_0037__ul3331104582017"><li id="obs_03_0037__li9331204542012"><strong id="obs_03_0037__b955814499216">Select service</strong>: Select <strong id="obs_03_0037__b45583495216">Object Storage Service (OBS)</strong>.</li><li id="obs_03_0037__li794453311216"><strong id="obs_03_0037__b1244765520218">Actions</strong>: Select the actions listed in the table below.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0037__table41812273017" frame="border" border="1" rules="all"><thead align="left"><tr id="obs_03_0037__row81816218305"><th align="left" class="cellrowborder" valign="top" width="45.879999999999995%" id="mcps1.3.2.2.9.2.1.2.2.1.3.1.1"><p id="obs_03_0037__p2194223016">Action</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="54.120000000000005%" id="mcps1.3.2.2.9.2.1.2.2.1.3.1.2"><p id="obs_03_0037__p12191828301">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0037__row01918283019"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p1493235219367">obs:object:GetObject</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p5197213301">Obtains object content and metadata.</p>
</td>
</tr>
<tr id="obs_03_0037__row1619328305"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p209321352183612">obs:object:DeleteObjectVersion</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p1319628301">Deletes one or more object versions.</p>
</td>
</tr>
<tr id="obs_03_0037__row21992183017"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p593135214361">obs:object:PutObjectVersionAcl</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p91911213017">Configures the object version ACL.</p>
</td>
</tr>
<tr id="obs_03_0037__row1819102143011"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p1593016527360">obs:object:AbortMultipartUpload</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p91911213305">Aborts a multipart upload.</p>
</td>
</tr>
<tr id="obs_03_0037__row12196283016"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p792912528364">obs:object:PutObjectAcl</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p61922163016">Configures the object ACL.</p>
</td>
</tr>
<tr id="obs_03_0037__row1719152173015"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p892813529363">obs:object:DeleteObject</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p18206220303">Deletes one or more objects.</p>
</td>
</tr>
<tr id="obs_03_0037__row12015243019"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p992745213620">obs:bucket:HeadBucket</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p62018273016">Obtains bucket metadata.</p>
</td>
</tr>
<tr id="obs_03_0037__row13205293018"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p992725211369">obs:object:PutObject</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p192014217300">Uploads objects with PUT or POST, copies objects, appends data to objects, initiates a multipart upload, as well as uploads and assembles parts.</p>
</td>
</tr>
<tr id="obs_03_0037__row3201922305"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p79261652193612">obs:object:GetObjectVersionAcl</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p122052103016">Obtains the object version ACL.</p>
</td>
</tr>
<tr id="obs_03_0037__row22014263012"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p7925135253610">obs:bucket:GetBucketVersioning</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p42016213305">Obtains the versioning status of a bucket.</p>
</td>
</tr>
<tr id="obs_03_0037__row11203203015"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p16924852173615">obs:bucket:ListBucketMultipartUploads</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p152010213010">Lists multipart uploads.</p>
</td>
</tr>
<tr id="obs_03_0037__row82113211300"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p1092385253613">obs:object:ListMultipartUploadParts</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p62172193011">Lists uploaded parts.</p>
</td>
</tr>
<tr id="obs_03_0037__row122111219305"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p2922125218362">obs:object:ModifyObjectMetaData</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p1621521304">Modifies object metadata.</p>
</td>
</tr>
<tr id="obs_03_0037__row18575264334"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p39211252183617">obs:bucket:ListBucketVersions</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p125710264330">Lists object versions in a bucket.</p>
</td>
</tr>
<tr id="obs_03_0037__row4581526193312"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p179201152173614">obs:bucket:ListBucket</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p1958102653314">Lists objects in a bucket.</p>
</td>
</tr>
<tr id="obs_03_0037__row1581226173317"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p8918195210364">obs:object:GetObjectVersion</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p115862610335">Obtains the content and metadata of an object version.</p>
</td>
</tr>
<tr id="obs_03_0037__row558526153319"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p1691735210366">obs:object:GetObjectAcl</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p115902615334">Obtains the object ACL.</p>
</td>
</tr>
<tr id="obs_03_0037__row1159202623313"><td class="cellrowborder" valign="top" width="45.879999999999995%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.1 "><p id="obs_03_0037__p20915165253615">obs:bucket:GetReplicationConfiguration</p>
</td>
<td class="cellrowborder" valign="top" width="54.120000000000005%" headers="mcps1.3.2.2.9.2.1.2.2.1.3.1.2 "><p id="obs_03_0037__p10591926173314">Obtains the cross-region replication configuration of a bucket.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="obs_03_0037__li57861914231"><strong id="obs_03_0037__b1298861964913">Resources</strong>: Select <strong id="obs_03_0037__b159893194496">Specific</strong>.<ul id="obs_03_0037__ul4516418193211"><li id="obs_03_0037__li890124323219"><strong id="obs_03_0037__b1679623215503">object</strong>: Select <strong id="obs_03_0037__b137961320509">Specify resource path</strong>. The resource path format is <strong id="obs_03_0037__b137965327507">OBS:*:*:object:</strong><em id="obs_03_0037__i679613217503">Bucket name</em><strong id="obs_03_0037__b879683218509">/</strong><em id="obs_03_0037__i157961032135015">Object name</em>.<p id="obs_03_0037__p17914514322">Add all objects in the source and destination buckets. For example, set the resource path to <strong id="obs_03_0037__b18781829205118">OBS:*:*:object:piccomp/*</strong> and <strong id="obs_03_0037__b1379182916511">OBS:*:*:object:piccomp-output/*</strong>, indicating all objects in source bucket <strong id="obs_03_0037__b5794297511">piccomp</strong> and destination bucket <strong id="obs_03_0037__b1779102955115">piccomp-output</strong>, respectively.</p>
</li></ul>
<ul id="obs_03_0037__ul11708152423218"><li id="obs_03_0037__li211455513326"><strong id="obs_03_0037__b1416763975118">bucket</strong>: Select <strong id="obs_03_0037__b416710397517">Specify resource path</strong>. The resource path format is <strong id="obs_03_0037__b181671439195118">OBS:*:*:bucket:</strong><em id="obs_03_0037__i18167143905117">Bucket name</em>.<p id="obs_03_0037__p18207145719322">Add the source and destination buckets. For example, set the resource path to <strong id="obs_03_0037__b3132123411817">OBS:*:*:bucket:piccomp</strong> and <strong id="obs_03_0037__b13132634082">OBS:*:*:bucket:piccomp-output</strong>, indicating the source bucket <strong id="obs_03_0037__b41329341489">piccomp</strong> and destination bucket <strong id="obs_03_0037__b141325341285">piccomp-output</strong>, respectively.</p>
</li></ul>
</li></ul>
<div class="fignone" id="obs_03_0037__fig1586283117612"><span class="figcap"><b>Figure 1 </b>Configuring a custom policy</span><br><span><img id="obs_03_0037__image15862173118618" src="en-us_image_0000002269635345.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="obs_03_0037__li1523978123714"><span>Click <strong id="obs_03_0037__b795712463554">Next</strong> in the lower right corner of the page.</span></li><li id="obs_03_0037__li1190263619403"><span>Select the custom policy created in <a href="#obs_03_0037__li1632423102016">9</a> and click <strong id="obs_03_0037__b2087318419564">Next</strong> in the lower right corner of the page.</span></li><li id="obs_03_0037__li1566019588282"><span>On the <strong id="obs_03_0037__b098319357297">Select Scope</strong> page, select <strong id="obs_03_0037__b1840717396292">Global services</strong> for <strong id="obs_03_0037__b124514517298">Scope</strong> and click <strong id="obs_03_0037__b13714536298">OK</strong>.</span></li><li id="obs_03_0037__li06911453143016"><span>(Optional) If <strong id="obs_03_0037__b380834933212">Replicate KMS encrypted objects</strong> is selected, the IAM agency also needs the <strong id="obs_03_0037__b08081549113215">KMS CMKFullAccess</strong> permission in the regions where the source and destination buckets are located.</span><p><ol type="a" id="obs_03_0037__ol79788611320"><li id="obs_03_0037__li202614119414">Go to the <strong id="obs_03_0037__b1331194417363">Agencies</strong> page of the IAM console and click the name of the agency created in the previous step.</li><li id="obs_03_0037__li1241103134213">Choose the <span class="uicontrol" id="obs_03_0037__uicontrol2078441615616"><b>Permissions</b></span> tab and click <span class="uicontrol" id="obs_03_0037__uicontrol157841816669"><b>Authorize</b></span>.</li><li id="obs_03_0037__li181275316503">On the <strong id="obs_03_0037__b1497695219613">Select Policy/Role</strong> page, search for and select <strong id="obs_03_0037__b12976175213616">KMS CMKFullAccess</strong>. Then, click <strong id="obs_03_0037__b10976155212619">Next</strong>.</li><li id="obs_03_0037__li812718355012">On the <strong id="obs_03_0037__b09281640273">Select Scope</strong> page, select <strong id="obs_03_0037__b4928184018717">Region-specific projects</strong> for <strong id="obs_03_0037__b14854717819">Scope</strong>. Then, select the projects in the regions where the source and destination buckets are located.</li></ol>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0036.html">Related Operations</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink