Creating a Domain User Policy

You can control domain users' access to storage resources by setting permissions for AD or LDAP domain users.

Prerequisites

Precautions

If a domain user needs to access a namespace of another account, you need to create a domain user policy with the same name under that account.

Procedure

  1. Choose Resources > Access > Authentication User > Object Users.
  2. Select a desired account from the Account drop-down list in the upper left corner.
  3. Click Create Domain User Policy.

    The Create Domain User Policy page is displayed.

  4. Set a domain user name.

    • If the domain name is empty, enter a domain user name, for example, UserName. If the domain name is not empty, enter the domain user name in the format of Domain user name@Domain name, for example, UserName@DomainName.
    • The name contains 1 to 64 characters.
    • The value can contain only letters, digits, and the following special characters: +=,.@-_.

  5. Set a user permission policy.

    1. Click Add.

      The Add User Permission Policy page is displayed.

    2. Set Policy Name.
      • The name contains 1 to 128 characters.
      • The name can only contain basic Latin (ASCII) characters other than /*\?, and spaces. In addition, it cannot contain both single quotation marks (') and double quotation marks (").
      • The name cannot be modified after the policy is created.
    3. Set Policy Mode. Possible options are as follows:
      • Recommended: provides three policies.
        • Read-only: Authorized users can read bucket resources. This policy mode does not define write permission; whether the user can write is determined by other policies (such as the bucket permission). For example, if the bucket permission is read and write, the user permission is read and write.
        • Write-only: Authorized users can write bucket resources. This policy mode does not define read permission; whether the user can read is determined by other policies (such as the bucket permission). For example, if the bucket permission is read and write, the user permission is read and write.
        • Read and Write: Authorized users can read and write bucket resources.
      • Custom: configures related parameters as required.

        The policy content must be in JSON format, and the total length of all policies for an object user cannot exceed 2048 characters. For example, the following policy allows all actions on all resources: {"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}

    4. Click OK.

    To remove a policy, select the policy and click Remove.

  6. Click OK.
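
A pre-submission check for the domain user name rules in step 4 and for Custom-mode policy content, as an added example that is not part of the product or its documentation. The function names, the reading of "letters" as ASCII letters, the way the 2048-character total is counted, and the NARROW_EXAMPLE values are assumptions.

```python
import json
import re

# Step 4 rules; "letters" is assumed to mean ASCII letters.
USER_NAME_RE = re.compile(r"[A-Za-z0-9+=,.@_-]{1,64}")
MAX_TOTAL_POLICY_CHARS = 2048

# The Custom-mode example shown in the procedure.
PAGE_EXAMPLE = '{"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}'
# Constructed sample: action and resource names are placeholders.
NARROW_EXAMPLE = ('{"Statement":[{"Effect":"Allow","Action":"ExampleRead",'
                  '"Resource":"example-bucket/*"}]}')


def check_user_name(name):
    """True if the name meets the length and character rules of step 4."""
    return USER_NAME_RE.fullmatch(name) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_policies(policies):
    """Return findings for all custom policy texts of one object user."""
    findings = []
    # Assumption: the limit counts characters of the JSON text as entered.
    total = sum(len(p) for p in policies)
    if total > MAX_TOTAL_POLICY_CHARS:
        findings.append(f"total length {total} exceeds {MAX_TOTAL_POLICY_CHARS}")
    for i, text in enumerate(policies):
        try:
            doc = json.loads(text)
        except json.JSONDecodeError as exc:
            findings.append(f"policy {i}: not valid JSON ({exc.msg})")
            continue
        statements = doc.get("Statement") if isinstance(doc, dict) else None
        if not isinstance(statements, list):
            findings.append(f"policy {i}: no Statement list")
            continue
        for n, st in enumerate(statements):
            if not isinstance(st, dict) or st.get("Effect") != "Allow":
                continue
            # Flag Allow statements that are exactly the "*" wildcard.
            for field in ("Action", "Resource"):
                if "*" in _as_list(st.get(field)):
                    findings.append(
                        f'policy {i} statement {n}: Allow with {field} "*"')
    return findings
```

An empty result means the policy texts parsed, fit within the length limit, and contain no Allow statement whose Action or Resource is the bare "*" wildcard.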