• Object Storage Service

  1. Help Center
  2. Object Storage Service
  3. User Guide
  4. OBS Console Operation Guide
  5. Getting Started
  6. Setting User Permissions

Setting User Permissions

The public cloud service system provides two types of user permissions by default: user management and resource management.

  • User management refers to the management of users, user groups, and user group permissions.
  • Resource management refers to the operations that can be performed by users to control their public cloud service resources.

For details, see Permission Description.

OBS and other cloud resources are deployed separately. Table 1 describes the permissions.

Table 1 OBS resource permissions



Tenant Administrator

Users with this permission can perform any operation on OBS resources.

Tenant Guest

Users with this permission can query the usage of OBS resources, in other words, this is the read permission to OBS resources.

OBS Buckets Viewer

A user with this permission can list buckets, obtain basic bucket information, and list objects.


  1. Log in to OBS Console.
  2. On the top navigation bar, choose Service List > Management & Deployment > Identity and Access Management. The IAM console is displayed.
  3. Create a user group.

    1. In the navigation pane on the left, click User Group. The User Group page is displayed.
    2. Click Create User Group.
    3. Enter a user group name in the User Group text box, enter a description (optional), and click OK.
    4. In the row where the newly created user group is displayed, click Modify under the Operation column. The Modify User Group page is displayed.
    5. In the table of User Group Permissions, locate the row where Global service > OBS is displayed, and then click Modify under the Operation column. The Policy dialog box is displayed.
    6. Select the OBS and Base permissions. See Figure 1.
      Figure 1 OBS policy
    7. Click OK.
    8. Optional: If you need to interconnect OBS with uses other cloud services, enable the permissions by choosing Global service > Global and setting the policy.
    9. Click OK.

  4. Create a user.

    1. In the navigation pane on the left, click User. The User page is displayed.
    2. Click Create User. The Create User page is displayed.
    3. Enter a username, and set Credential Type and User Groups.

      If no user group is selected, the user does not have corresponding permissions.

    4. Click Next.
    5. Select Password Type and enter an email address.
    6. Click OK.