All Documents

Current Document

Recommend

Container Engine Virtual Private Cloud Standard Storage Service

Content is empty

If you don't find the content you expect, please try another search term

Standard Storage Service (KS3)

View more results

Document title with current keyword not found

Directory

Expand AllFold All Up

Networking
Security

Storage&CDN
Database
Legal
- Legal
ActionTrail
- ActionTrail
- Kingsoft Cloud International Business

Video Services
Data Analysis
- MapReduce (KMR)
- Kingsoft Cloud Log Service
Account Management
- Identity and Access Management
- Account Management

No products found with this keyword

Documentation

Standard Storage Service (KS3)

Access Control Management

Comparison of access policies

Comparison of access policies

Last updated：2021-04-28 11:04:11

	ACL	Bucket policy	User policy
Policy type	Resource-based policy	Resource-based policy	User-based policy
Resource operation	Only basic read/write operations are supported.	Many operations are supported, except service operations such as bucket list query.	Most operations are supported, including service operations such as bucket list query.
Authorize other accounts	Supported	Supported	Not supported. You can create a role and select a trusted account for cross-account authorization.
Authorize IAM users	Not supported	Supported	Supported
Authorize roles	Not supported	Supported	Supported

Guidelines for using access policies

Scenarios where ACLs are preferred

You only want to keep buckets or objects public or private without complex authorization logic.

Scenarios where bucket policies are preferred

You want to grant resource-specific permissions to other accounts for cross-account access.
You want to grant resource-specific permissions to IAM users who do not need to log in to the console.

Scenarios where user policies are preferred

You want to grant resource-specific permissions to IAM users who need to log in to the console.
You want to assign specific roles to IAM users to grant them temporary permissions.

On this page

Previous:Allow IAM users to access resources only by using specific IP addresses

Next:How does KS3 authorize requests

Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen

Feedback