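Requirement
Alibaba Cloud OSS: authorize a single user to control a bucket
The goal is to have one user control one storage space (bucket) in Alibaba Cloud OSS. This is configured through "RAM access control".
Method
1) Go to the RAM management console and select User Management; once SMS verification succeeds, the sub-account is created.
2) Create an AccessKey for the sub-account.
3) Attach an authorization policy to the sub-account; custom authorization policies can be defined.
Permission control
1) The sub-user can operate, through the OSS console, on the buckets it has permission for. At present the only achievable behavior is that the console shows all buckets, but the sub-user can operate only on the buckets it has permission for; operations on buckets without permission return an error.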
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:ListBuckets",
      "Resource": "acs:oss:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:beaf/backup",
        "acs:oss:*:*:beaf/backup/*"
      ]
    }
  ]
}
2) The OSS sub-account has permissions only on certain directories.
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:ListObjects",
      "Resource": "acs:oss:*:*:world"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListObjects",
        "oss:PutObject",
        "oss:GetObject",
        "oss:DeleteObject"
      ],
      "Resource": [
        "acs:oss:*:*:world/fort/*"
      ]
    }
  ]
}
3) SDK or API access with full permissions on one bucket.
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:myphotos",
        "acs:oss:*:*:myphotos/*"
      ]
    }
  ]
}
4) SDK or API access with full permissions on certain directories of a bucket.
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:*"
      ],
      "Resource": [
        "acs:oss:*:*:myphotos/hangzhou/2015/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListObjects"
      ],
      "Resource": [
        "acs:oss:*:*:myphotos"
      ],
      "Condition": {
        "StringLike": {
          "oss:Prefix": "hangzhou/2015/*"
        }
      }
    }
  ]
}
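An added example, not part of the original post and not Alibaba Cloud code: a simplified offline model of how the Allow statements in policies 2 and 4 above match a request, useful for checking what a sub-account policy actually grants before attaching it. Assumptions: `*`/`?` wildcard matching, only the `StringLike` operator is modelled, and the region and account ID in `ARN` are constructed values.

```python
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _like(pattern, value):
    # Wildcards as assumed here: '*' = any run of characters, '?' = one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.S) is not None

def _conditions_met(cond, ctx):
    for op, pairs in cond.items():
        if op != "StringLike":
            return False  # operator not modelled in this sketch: fail closed
        for key, patterns in pairs.items():
            val = ctx.get(key)
            if val is None or not any(_like(p, val) for p in _as_list(patterns)):
                return False
    return True

def is_allowed(policy, action, resource, ctx=None):
    """Simplified model: an explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for st in policy["Statement"]:
        if (any(_like(a, action) for a in _as_list(st["Action"]))
                and any(_like(r, resource) for r in _as_list(st["Resource"]))
                and _conditions_met(st.get("Condition", {}), ctx or {})):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

# Policies 2 and 4 from this page.
POLICY_2 = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": "oss:ListObjects", "Resource": "acs:oss:*:*:world"},
    {"Effect": "Allow",
     "Action": ["oss:ListObjects", "oss:PutObject", "oss:GetObject", "oss:DeleteObject"],
     "Resource": ["acs:oss:*:*:world/fort/*"]}]}
POLICY_4 = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": ["oss:*"],
     "Resource": ["acs:oss:*:*:myphotos/hangzhou/2015/*"]},
    {"Effect": "Allow", "Action": ["oss:ListObjects"],
     "Resource": ["acs:oss:*:*:myphotos"],
     "Condition": {"StringLike": {"oss:Prefix": "hangzhou/2015/*"}}}]}

ARN = "acs:oss:cn-hangzhou:1234567890123456:"  # constructed region and account ID

if __name__ == "__main__":
    for pol, bucket, prefix in ((POLICY_2, "world", "other/"), (POLICY_4, "myphotos", "hangzhou/2016/")):
        ok = is_allowed(pol, "oss:ListObjects", ARN + bucket, {"oss:Prefix": prefix})
        print(bucket, "list with prefix", prefix, "->", ok)
```

In this model the first statement of policy 2 allows listing the `world` bucket under any prefix, whereas policy 4 allows listing only under `hangzhou/2015/`; adding a matching `oss:Prefix` condition is what narrows listing to the intended directory.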
References:
https://developer.aliyun.com/article/109821
[Common RAM Policy examples] https://help.aliyun.com/document_detail/199058.html
Last modified: 2024-03-05