This parameter specifies users on whom this bucket policy takes effect, including cloud service users and federated users. The registration on the cloud service access of the public cloud system user is called cloud service. This user name authenticated by the federal access of the public cloud system user is called federated users. Target users can be specified in either of the following ways:
You can specify one or more accounts, one or more IAM users, or anyone (anonymous users).
An account is the owner who registers public cloud service. An account can either be an individual or an enterprise. The bucket access permission can be granted to one or more accounts by using account IDs. If a single account is specified, directly enter the account ID. If multiple accounts are specified, use commas (,) to separate multiple account IDs.
IAM users are created in IAM and correspond to enterprise employees, systems, or applications. IAM users have independent identity credentials and can log in to the console to access services. To grant the bucket access permission to one or more IAM users, both the account IDs and IAM user IDs are required. The input format is Account ID:user/IAM user ID. Use commas (,) to separate multiple IAM users.
An authorized user can go to the My Credential page to obtain the account ID and user IDs after login.
The bucket access permission can be granted to anyone by entering the wildcard * in the text box of Authorized User.
Exercise caution when granting the bucket access permissions to anonymous users. If you grant the bucket access permission to anonymous users, anyone can access your bucket, and the traffic and storage fees generated will be borne by the bucket owner. You are advised to set restrictions on access requests. For example, you can permit the access request from only one IP address.