Grant permissions to sub-user

Last updated:2021-04-28 11:04:15

You can use bucket policies to grant permissions to Kingsoft Cloud accounts and IAM users. A Kingsoft Cloud account can grant permissions to its IAM users and IAM users of other accounts, provided that the account has necessary permissions.

The following authorization statement is used to grant the ks3:GetObject operation permission on all objects in the example_bucket bucket to IAM user bob under the Kingsoft Cloud account whose ID is 12345.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:GetObject"
      ],
      "Principal": {
        "KSC": [
          "krn:ksc:iam::12345:user/bob"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket/*"
      ]
    }
  ]
}

Note: To simplify the input in the console, you can set Resource to only the bucket name and object name without the prefix krn:ksc:ks3:::, and Principal to the Kingsoft Cloud account ID or the Kingsoft Cloud account ID and the username of its IAM user in the format of account ID/username. The backend program automatically converts the simplified input into standard input.

Did you find the above information helpful?

Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful

What might be the problems?

Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions

0/200

Please give us your feedback.

Submitted

Thank you for your feedback.

问题反馈