Configuring User Permissions

If your cloud service account does not need individual IAM users, then you may skip this section. Your permissions to use OBS functions are not affected.

If IAM users are required, you need to grant them access permissions for OBS, because OBS is separately deployed from other cloud resources.


**Figure 1** Process of granting an IAM user the OBS permissions

Figure 1 Process of granting an IAM user the OBS permissions


  1. Log in to the management console with your account.

  2. On the top menu bar, choose Service List > Management & Deployment > Identity and Access Management. The IAM console is displayed.

  3. Create a user group and assign OBS permissions to it.

    A user group is a collection of users. By assigning permissions to a user group, you assign permissions to the users in this group. After you create an IAM user, add it to one or more user groups, so that it can inherit the permissions from the groups.

    1. In the navigation pane, choose User Groups. The User Groups page is displayed.

    2. Click Create User Group.

    3. Enter a user group name and click OK.

      The user group is displayed in the user group list once the creation is complete.

    4. Locate the user group you created and click Modify in the Operation column of the row.

    5. In the Group Permissions area, locate OBS (S3), click Attach Policy in the Operation column, select the policy name, and click OK.


      In the Policy Information area, you can view the details about the policy.

      Due to data caching, an RBAC policy or a fine-grained policy involving OBS actions will take effect 10 to 15 minutes after it is attached to a user or a user group.

  4. Create an IAM user. For details, see section "Creating an IAM User" in the Identity and Access Management User Guide.

  5. Use the created IAM user to log in to OBS Console and verify the user permissions.