OBS supports the following permission control mechanisms:

  • IAM policies: IAM policies define the actions that can be performed on your cloud resources. In other words, IAM policies specify what actions are allowed or denied.

  • Bucket policies and object policies:

    A bucket policy applies to the configured bucket and objects in the bucket. A bucket owner can use a bucket policy to grant permissions of buckets and objects in the buckets to IAM users or other accounts.

    An object policy applies to specified objects in a bucket.

  • Access control lists (ACLs): Control the read and write permissions for accounts. You can set ACLs for buckets and objects.