Overview
OBS supports the following permission control mechanisms:
- IAM policies: IAM policies define the actions that can be performed on your cloud resources. In other words, IAM policies specify what actions are allowed or denied.
- Bucket policies and object policies:
A bucket policy applies to the configured bucket and objects in the bucket. A bucket owner can use a bucket policy to grant permissions of buckets and objects in the buckets to IAM users or other accounts.
An object policy applies to specified objects in a bucket.
- Access control lists (ACLs): Control the read and write permissions for accounts. You can set ACLs for buckets and objects.
Note
To test permissions on OBS Console, you need to create a custom policy to add the IAM user to the user group that has the obs:bucket:ListAllMyBuckets permission for all OBS resources. In this way, the IAM user can view the authorized bucket on OBS Console.
Parent topic: Permissions Control