Creating an Object User Permission Policy

This section describes how to set the current object user's operation permissions for bucket resources.

Prerequisites

An object user has been created.

Procedure

  1. Choose Resources > Access > Authentication User > Object Users.
  2. Select a desired account from the Account drop-down list in the upper left corner.
  3. Click More on the right of a desired object user and select Manage User Permission Policy.

    The User Permission Policy page is displayed.

    You can also click the desired username to go to the details page and manage user permission policies.

  4. Click Create.

    The Create User Permission Policy page is displayed.

  5. Set Policy Name.

    • The name contains 1 to 128 characters.
    • The name can only contain basic Latin (ASCII) characters other than /*\?, and spaces. In addition, it cannot contain both single quotation marks (') and double quotation marks (").
    • The name cannot be modified after the policy is created.

  6. Set Policy Mode. Possible options are as follows:

    • Recommended: provides three policies.
      • Read-only: Authorized users can read bucket resources. This policy mode does not define the write permission, so whether the user can write is determined by other policies (such as the bucket permission). For example, if the bucket permission is read and write, the user permission is read and write.
      • Write-only: Authorized users can write bucket resources. This policy mode does not define the read permission, so whether the user can read is determined by other policies (such as the bucket permission). For example, if the bucket permission is read and write, the user permission is read and write.
      • Read and Write: Authorized users can read and write bucket resources.
    • Custom: configures related parameters as required.

      For details about how to set user permission policy parameters, see the description of parameter PolicyDocument in Object Service Account Management API Description > User Policy Management > PutUserPolicy in the Service Plane API Description for Object of the corresponding version.

      • The policy content must be in JSON format, and the total length of all policies for an object user cannot exceed 6400 characters. Example: {"Statement":[{"Sid": "self","Effect":"Allow","Action":[ "s3:List*","s3:Get*"],"Resource":"*"}]}
      • If the object user needs to use the temporary security credential service, set Action to the value in the example. Example: {"Statement":[{"Sid": "self","Effect":"Allow","Action":[ "sts:AssumeRole","sts:TagSession"],"Resource":"*"}]}

  7. Click OK.

    After an object user permission policy has been created, it takes effect in 5 minutes.
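
    A pre-submission check for a Custom policy, given here as an added example (it is not code from the product or its documentation): it applies the name and document rules from steps 5 and 6 and lists the Allow statements that use wildcard actions or Resource "*", so they can be reviewed before the policy is created. The function names are hypothetical, and counting the 6400-character limit over each policy text as submitted is an assumption.

```python
import json
MAX_TOTAL_CHARS = 6400  # limit from this page: all policies of one object user combined

def check_policy_name(name):
    """Return problems with a policy name (the rule about spaces is not checked)."""
    problems = []
    if not 1 <= len(name) <= 128:
        problems.append("length must be 1 to 128 characters")
    if not name.isascii():
        problems.append("only basic Latin (ASCII) characters are allowed")
    if set("/*\\?") & set(name):
        problems.append("must not contain / * \\ ?")
    if "'" in name and '"' in name:
        problems.append("must not contain both ' and \"")
    return problems

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_policy_document(text, existing=()):
    """Return (problems, grants); existing = policy texts already on the user."""
    # Assumption: the limit counts characters of each policy text as submitted.
    problems, grants = [], []
    total = len(text) + sum(len(p) for p in existing)
    if total > MAX_TOTAL_CHARS:
        problems.append(f"total length {total} exceeds {MAX_TOTAL_CHARS}")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"], grants
    statements = doc.get("Statement") if isinstance(doc, dict) else None
    if not isinstance(statements, list) or not statements:
        return problems + ["no Statement list found"], grants
    for i, st in enumerate(statements):
        if not isinstance(st, dict) or st.get("Effect") != "Allow":
            continue
        # Record Allow statements that use a wildcard action or Resource "*".
        wild = [a for a in _as_list(st.get("Action", [])) if "*" in str(a)]
        any_resource = "*" in _as_list(st.get("Resource", []))
        if wild or any_resource:
            grants.append((st.get("Sid", f"#{i}"), wild, any_resource))
    return problems, grants

# Sample input: the two example documents from this page.
S3_EXAMPLE = '{"Statement":[{"Sid": "self","Effect":"Allow","Action":[ "s3:List*","s3:Get*"],"Resource":"*"}]}'
STS_EXAMPLE = '{"Statement":[{"Sid": "self","Effect":"Allow","Action":[ "sts:AssumeRole","sts:TagSession"],"Resource":"*"}]}'
if __name__ == "__main__":
    for text in (S3_EXAMPLE, STS_EXAMPLE):
        print(check_policy_document(text))
```

    Each entry in the second return value is (Sid, wildcard actions, whether Resource is "*"); an empty list means no Allow statement uses a wildcard.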