After an account permission policy is created and associated with a role, the role has the permission to access the corresponding bucket.
Prerequisites
- The object service has been enabled.
- The access key of an account is in Activated status.
- A maximum of 1500 permission policies can be created for each account.
Procedure
- Choose Resources > Access > Account.
- Click a desired account name and choose Protocol > Object Service > Permission Policy.
- Click Create.
The Create Account Permission Policy page is displayed.
- Set the policy name.
- The name contains 1 to 128 characters.
- The name can only contain basic Latin (ASCII) characters other than /*\?, and spaces. Besides, it cannot contain single quotation marks (') and double quotation marks (") at the same time.
- This name cannot be modified after the account permission policy is created.
- Set a policy mode. Possible values are Recommended and Custom.
- Recommended: provides three policy modes for direct selection by users.
- Read-only: Authorized accounts can read bucket resources.
- Write-only: Authorized accounts can write bucket resources.
- Read and Write: Authorized accounts can read and write bucket resources.
- Custom: configures related parameters as required.
For details about how to set account permission policy parameters, see the description of parameter PolicyDocument in Account Permission Policy Management > Adding and Modifying a Permission Policy in the Service Plane API Description for Object of the corresponding version.
The policy content must be in JSON format and cannot exceed 2048 characters.
Example: {"Version": "2008-10-17","Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}
- Recommended: provides three policy modes for direct selection by users.
- Click OK.