Typical Permissions Scenarios

The permissions settings for typical scenarios are provided to facilitate permissions management.

You need to consider the following factors before configuring permissions:

  1. Who are granted access: A single IAM user, multiple IAM users or user groups, other accounts, or anonymous users

  2. What resources will be accessed: All OBS resources (service-level permissions), specified buckets, or specified objects

  3. What permissions are granted: Basic permissions, such as read and read/write permissions, or customized permissions

OBS provides various permission control methods for different scenarios. The following figure can help you quickly find the best method for your needs.

**Figure 1** Typical permissions scenarios

Figure 1 Typical permissions scenarios

The following table lists the typical scenarios for your reference.

Table 1 Typical permission configuration scenarios

Scenario

Quick Links for Permission Configuration

Granting permissions to a single IAM user under the current account

Granting an IAM User the Permissions to Create and List Buckets

Granting an IAM User the Read/Write Permission on a Bucket

Granting an IAM User the Specified Permissions for a Bucket

Granting an IAM User the Read Permissions on Specific Objects

Granting an IAM User the Specific Permissions on Specific Objects

Granting permissions to multiple IAM users or user groups under the current account

Granting IAM User Groups All Permissions on All OBS Resources

Granting IAM User Groups Basic Permissions on All OBS Resources

Granting IAM User Groups Specific Permissions for All OBS Resources

Granting IAM User Groups Specific Permissions on Specific OBS Resources

Granting permissions to other accounts

Granting Other Accounts the Read/Write Permission for a Bucket

Granting Other Accounts the Specified Permissions for a Bucket

Granting IAM Users Under an Account the Access to a Bucket and the Resources in It

Granting Other Accounts the Read Permission for Certain Objects

Granting Other Accounts Specific Permissions for Specific Objects

Granting permissions to anonymous users

Granting Anonymous Users the Public Read Permission for a Bucket

Granting Anonymous Users the Read Permission for a Directory

Granting Anonymous Users the Read Permission for Certain Objects

Temporarily Sharing Objects with Anonymous Users

Granting temporary permissions

Granting Temporary Access to OBS

Restricting access to specified IP addresses

Restricting Access to a Bucket for Specific IP Addresses

last updated: 2025-03-31 14:44 UTC - commit: 870b765b23c896d8610259c3a13859fd03216b9f