Last updated:2021-04-28 11:04:15
You can use bucket policies to grant permissions to Kingsoft Cloud accounts and IAM users. A Kingsoft Cloud account can grant permissions to its IAM users and IAM users of other accounts, provided that the account has necessary permissions.
The following authorization statement is used to grant the ks3:GetObject operation permission on all objects in the example_bucket bucket to IAM user bob under the Kingsoft Cloud account whose ID is 12345.
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"ks3:GetObject"
],
"Principal": {
"KSC": [
"krn:ksc:iam::12345:user/bob"
]
},
"Resource": [
"krn:ksc:ks3:::example_bucket/*"
]
}
]
}
Note: To simplify the input in the console, you can set Resource to only the bucket name and object name without the prefix krn:ksc:ks3:::, and Principal to the Kingsoft Cloud account ID or the Kingsoft Cloud account ID and the username of its IAM user in the format of account ID/username. The backend program automatically converts the simplified input into standard input.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.