You can use the following mechanisms to control access to the data on OBS:
A user's account provided by OBS contains an access key ID (AK) and a secret access key (SK), which are used for user authentication. If you use a client to send a request to OBS, the request header must contain a signature. The signature is generated from the SK, the request time, and the request type.
An access control list (ACL) is a list that defines grantees and their granted permissions. Bucket ACLs control access to buckets for accounts and user groups. A bucket owner can grant access permissions to other accounts or user groups by configuring the bucket ACL.
It is recommended that bucket ACLs be used in the following scenarios:
With a bucket policy, you can define rules for requests to OBS resources to control the permissions of one or more users or accounts to access buckets or the objects in them. For example, you can use a bucket policy to grant the write permission to a user or account if a request comes from a specific IP address or IP address range. A bucket policy can be used both to grant and to deny permissions.
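The AK/SK request signing described above, shown as a signer and a server-side verifier. This is an added example, not OBS's own code or its exact signing format: the string-to-sign layout, the HMAC-SHA256 choice, the 15-minute window, and all names and key values are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate, parsedate_to_datetime

MAX_SKEW_SECONDS = 15 * 60  # assumed freshness window, not a value from the page


def string_to_sign(method, date, resource):
    # Assumed layout: request type, request time, target resource.
    return "\n".join([method.upper(), date, resource])


def sign(sk, method, date, resource):
    # The SK keys the HMAC and is never placed in the request itself.
    msg = string_to_sign(method, date, resource).encode()
    digest = hmac.new(sk.encode(), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def verify(secrets, ak, signature, method, date, resource, now):
    # Server side: look up the SK by AK, check freshness, recompute, compare.
    sk = secrets.get(ak)
    if sk is None:
        return "unknown access key"
    try:
        sent = parsedate_to_datetime(date).timestamp()
    except (TypeError, ValueError):
        return "bad date"
    if abs(now - sent) > MAX_SKEW_SECONDS:
        return "request time outside allowed window"
    expected = sign(sk, method, date, resource)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "signature mismatch"
    return "ok"


# Constructed sample values, not real credentials.
AK, SK = "EXAMPLEAK", "example-secret-key"
SECRETS = {AK: SK}
T0 = 1704189600  # 2024-01-02 10:00:00 UTC

if __name__ == "__main__":
    date = formatdate(T0, usegmt=True)
    sig = sign(SK, "PUT", date, "/example-bucket/report.csv")
    args = (date, "/example-bucket/report.csv")
    print(verify(SECRETS, AK, sig, "PUT", *args, now=T0 + 30))      # same request
    print(verify(SECRETS, AK, sig, "DELETE", *args, now=T0 + 30))   # verb changed
    print(verify(SECRETS, AK, sig, "PUT", *args, now=T0 + 3600))    # replayed late
```

Because the request time and request type are inside the signed string, a captured signature cannot be reused for a different operation or after the freshness window has passed.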