Typical Permission Control Scenarios

The following typical scenarios are provided to help you better configure OBS permission control.

Factors to consider before configuring permission control:

  1. Who are granted: Grantees can be a single IAM user, multiple IAM users or user groups, other accounts, and anonymous users.

  2. What resources will be accessed: Such resources can be all OBS resources (requiring service-level permissions), specified buckets, and specified objects.

  3. What permissions are granted: In addition to configure basic permissions, such as read and read/write permissions, you can also customize permissions based on your needs.

OBS provides various permission control mechanisms for different scenarios. The following figure can help you quickly find the best method that matches your requirements.

**Figure 1** Typical permission scenarios

Figure 1 Typical permission scenarios

The following table lists the permission control cases in typical scenarios for your reference.

Table 1 Configuration cases in typical scenarios

Scenario

Configuration Case

Granting permissions to an IAM user under the current account

Granting an IAM User the Permissions Required to List and Create Buckets

Granting an IAM User the Read and Write Permissions on a Bucket

Granting an IAM User the Permissions Required to Perform Specific Operations on a Specific Bucket

Granting an IAM User the Read Permission on a Specific Object

Granting an IAM User the Permissions Required to Perform Specific Operations on Certain Objects

Granting permissions to multiple IAM users or user groups under the current account

Granting IAM User Groups All Permissions on All OBS Resources

Granting IAM User Groups Basic Permissions on All OBS Resources

Granting IAM User Groups Specified Permissions on All OBS Resources

Granting IAM User Groups Specified Permissions on Certain OBS Resources

Granting permissions to other accounts

Granting an Account the Read and Write Permissions on a Bucket

Granting an Account the Specified Permissions on a Bucket

Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket

Granting an Account Read Permissions on Certain Objects

Granting an Account the Specified Permissions on Certain Objects

Granting permissions to anonymous users

Granting Anonymous Users Public Read Permissions on a Bucket

Granting Anonymous Users Public Read Permissions on a Directory

Granting Anonymous Users Public Read Permissions on Certain Objects

Temporarily Sharing Objects with Anonymous Users

Granting temporary permissions

Granting Temporary Access to OBS

Restricting access to specified IP addresses

Preventing Specific IP Addresses from Accessing a Bucket