Documentation
Standard Storage Service (KS3)
Access Control Management
Comparison of access policies
Standard Storage Service (KS3)
Access Control Management
Comparison of access policies
Comparison of access policies
Last updated:2021-04-28 11:04:11
| ACL | Bucket policy | User policy | |
|---|---|---|---|
| Policy type | Resource-based policy | Resource-based policy | User-based policy |
| Resource operation | Only basic read/write operations are supported. | Many operations are supported, except service operations such as bucket list query. | Most operations are supported, including service operations such as bucket list query. |
| Authorize other accounts | Supported | Supported | Not supported. You can create a role and select a trusted account for cross-account authorization. |
| Authorize IAM users | Not supported | Supported | Supported |
| Authorize roles | Not supported | Supported | Supported |
Guidelines for using access policies
- Scenarios where ACLs are preferred
- You only want to keep buckets or objects public or private without complex authorization logic.
- Scenarios where bucket policies are preferred
-
You want to grant resource-specific permissions to other accounts for cross-account access.
-
You want to grant resource-specific permissions to IAM users who do not need to log in to the console.
- Scenarios where user policies are preferred
-
You want to grant resource-specific permissions to IAM users who need to log in to the console.
-
You want to assign specific roles to IAM users to grant them temporary permissions.
Did you find the above information helpful?
Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful
What might be the problems?
Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality
More suggestions
0/200
Please give us your feedback.
Submitted
Thank you for your feedback.