金山云-文档中心-Grant different sub-users permission to different bucket

Assume that you have an R&D department and an O&M department and have created the rd_bucket and op_bucket buckets in KS3 to separately store R&D data and O&M data. If you want to allow the R&D department to access only the rd_bucket bucket and the O&M department to access only the op_bucket bucket, you need to create two IAM users, rd_user and op_user, write two policies, and attach them to the users. For example, you can attach the following policy to rd_user:

{
    "Version": "2015-11-01",
    "Statement": [
    {
        "Effect": "Allow",
        "Action": "ks3:*",
        "Resource":[
            "krn:ksc:ks3:::rd_bucket",
            "krn:ksc:ks3:::rd_bucket/*"
        ]
     }
   ]
}

Similarly, you can attach the following policy to op_user:

{
    "Version": "2015-11-01",
    "Statement": [
    {
        "Effect": "Allow",
        "Action": "ks3:*",
        "Resource":[
            "krn:ksc:ks3:::op_bucket",
            "krn:ksc:ks3:::op_bucket/*"
        ]
     }
   ]
}

To allow the IAM users to log in to the KS3 console and view the bucket list, you need to grant the ks3:ListBuckets operation permission to them.

{
    "Version": "2015-11-01",
    "Statement": [
     {
         "Effect": "Allow",
         "Action": "ks3:ListBuckets",
         "Resource": "*"
     }
    ]
}

Compute

Cloud Monitor

Compliance

Networking

Security

Storage&CDN

Data Analysis

Account Management

ActionTrail

Database

Video Services

Legal

Product Introduction

Pricing

Quick Start

Console User Guide

Bucket management

Content management

Report center

Developer Guide

Endpoint

Storage type

Bucket

Object

Access Control Management

Examples of bucket policies

Example of user permissions

Image Processing

Manage image styles

Image processing operations

FAQs

API Reference

Bucket operations