• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. User Guide
  4. Product Introduction
  5. User Permissions

User Permissions

Identity and Access Management (IAM) provides identity management and access control functions for cloud services. Identity management manages user groups and users, and access control manages authorization of permissions to user groups and users.

For OBS, IAM user permissions manage access to OBS resources. Table 1 lists OBS resource permissions. You can assign one or more of these permissions to an IAM user to allow the user to operate OBS resources according to your needs. If none of the three permissions is selected, you will have no permission to access OBS.

Table 1 OBS resource permissions

Permission

Description

Tenant Administrator

Users with this permission can perform any operation on OBS resources.

Tenant Guest

Users with this permission can query the usage of OBS resources, in other words, this is the read permission to OBS resources.

OBS Buckets Viewer

A user with this permission can list buckets, obtain basic bucket information, and list objects.

The following table lists the operations that can be performed on OBS resources after a user has the required permissions.

Table 2 Permissions and the allowed operations on OBS resources

Operation

Tenant Administrator Permission

Tenant Guest Permission

OBS Buckets Viewer Permission

Listing buckets

Yes

Yes

Yes

Creating buckets

Yes

No

No

Deleting buckets

Yes

No

No

Obtaining basic bucket information

Yes

Yes

Yes

NOTE:

The statistics of used storage space and number of objects cannot be obtained.

Bucket access control

Yes

No

No

Bucket policies

Yes

No

No

Modifying bucket storage classes

Yes

No

No

Listing objects

Yes

Yes

Yes

Listing objects with multiple versions

Yes

Yes

No

Uploading files

Yes

No

No

Creating folders

Yes

No

No

Deleting files

Yes

No

No

Deleting folders

Yes

No

No

Downloading files

Yes

Yes

No

Deleting files with multiple versions

Yes

No

No

Downloading files with multiple versions

Yes

No

No

Modifying object storage classes

Yes

No

No

Restoring files

Yes

No

No

Canceling the deletion of files

Yes

No

No

Deleting fragments

Yes

No

No

Object access control

Yes

No

No

Configuring object metadata

Yes

No

No

Managing versioning

Yes

No

No

Managing logging

Yes

No

No

Managing event notifications

Yes

No

No

Managing tags

Yes

No

No

Managing lifecycle rules

Yes

No

No

Managing static website hosting

Yes

No

No

Managing CORS rules

Yes

No

No

Managing URL validation

Yes

No

No