All Documents
Current Document
Content is empty
If you don't find the content you expect, please try another search term
Content is empty
If you don't find the content you expect, please try another search term
Standard Storage Service (KS3)
Access Control Management
Example of user permissions
Allow different IAM users to access different buckets
Last updated:2021-04-28 11:04:15
Assume that you have an R&D department and an O&M department and have created the rd_bucket and op_bucket buckets in KS3 to separately store R&D data and O&M data. If you want to allow the R&D department to access only the rd_bucket bucket and the O&M department to access only the op_bucket bucket, you need to create two IAM users, rd_user and op_user, write two policies, and attach them to the users. For example, you can attach the following policy to rd_user:
{
"Version": "2015-11-01",
"Statement": [
{
"Effect": "Allow",
"Action": "ks3:*",
"Resource":[
"krn:ksc:ks3:::rd_bucket",
"krn:ksc:ks3:::rd_bucket/*"
]
}
]
}Similarly, you can attach the following policy to op_user:
{
"Version": "2015-11-01",
"Statement": [
{
"Effect": "Allow",
"Action": "ks3:*",
"Resource":[
"krn:ksc:ks3:::op_bucket",
"krn:ksc:ks3:::op_bucket/*"
]
}
]
}To allow the IAM users to log in to the KS3 console and view the bucket list, you need to grant the ks3:ListBuckets operation permission to them.
{
"Version": "2015-11-01",
"Statement": [
{
"Effect": "Allow",
"Action": "ks3:ListBuckets",
"Resource": "*"
}
]
}Pure Mode