Creating an Object User

An object user is created by an account. The account can control how object users utilize resources by granting object users different permissions.

Prerequisites

Procedure

  1. Choose Resources > Access > Authentication User > Object Users.
  2. Select the desired account from the Account drop-down list in the upper left corner.
  3. Click Create.

    The Create User dialog box is displayed.

  4. Set the user name.

    • The name contains 1 to 64 characters.
    • The name can contain only letters, digits, and special characters + = , . @ - _.

  5. Set User Access Key Creation.

    • Automatic: The system automatically generates a set of the object user access keys. This mode applies to scenarios where an object user is created on a primary device.
    • Manual: You need to manually enter AKs and SKs. This mode applies only to creating a user on the secondary end in the remote replication scenario. The user information of primary and secondary ends must be the same. You need to obtain the AK and SK of the primary end corresponding to the current secondary end user.

  6. Set a user permission policy.

    1. Click Add.

      The Add User Permission Policy page is displayed.

    2. Set Policy Name.
      • The name contains 1 to 128 characters.
      • The name contains basic Latin (ASCII) characters except / * \ ?, and spaces. It cannot contain single quotation marks (') and double quotation marks (") at the same time.
      • The name cannot be modified after the policy is created.
    3. Set Policy Mode. Possible options are as follows:
      • Recommended: provides three policies.
        • Read-only: Authorized users can read bucket resources. This policy mode does not define the write operation permission. You need to determine the permission based on other policies (such as the bucket permission). For example, if the bucket permission is read and write, the user permission is read and write.
        • Write-only: Authorized users can write bucket resources. This policy mode does not define the read operation permission. You need to determine the permission based on other policies (such as the bucket permission). For example, if the bucket permission is read and write, the user permission is read and write.
        • Read and Write: Authorized users can read and write bucket resources.
      • Custom: configures related parameters as required.

        The policy content must be in JSON format and the total length of all policies for an object user can contain a maximum of 2048 characters. For example: {"Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}

    4. Click OK.

    To remove a policy, select the policy and click Remove.

  7. Click OK.

    The system generates the AK and SK of the current user. Keep the AK and SK secure and do not disclose them to others.

  8. Click Copy Access Key Information.
  9. Click Close.
Parent topic: Configuring and Managing Object Users