Alibaba Cloud OSS access rights configuration (RAM permission control) implementation

Scenario

You need to authorize the tester to use a specified directory in a bucket of Alibaba Cloud OSS, such as the static/material/ directory of myBuket.
Testers maintain this directory through the ossbrowser tool.

step

Create a new user

Create a new user in RAM access control

Create an AccessKey for this user

Custom permission policy

Enter a name, remarks, and select "Script Configuration" to configure permissions by writing your own script

The script content is as follows:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:ListObjects",
      "Resource": "acs:oss:*:*:myBuket",
      "Condition": {
        "StringLike": {
          "oss:Delimiter": "/",
          "oss:Prefix": [
            "",
            "static/",
            "static/material/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:myBuket/static/material/*"
      ]
    }
  ]
}

這個腳本指定myBucket 下的static/material/ 目錄可以訪問（任何權限） .
To access this directory, all parent directories of this directory must have ListObjects permission, otherwise you cannot enter.

Therefore, the script is divided into two parts, namely two Effect configurations:
The first part is to configure the ListObjects permissions of all parent directories of material/

{
  "Effect": "Allow",
  "Action": "oss:ListObjects",
  "Resource": "acs:oss:*:*:myBuket",
  "Condition": {
    "StringLike": {
      "oss:Delimiter": "/",
      "oss:Prefix": [
        "",
        "static/",
        "static/material/*"
      ]
    }
  }
}

The second part configures all permissions of materinal. Action is "oss:*" to indicate all permissions for operating OSS.

{
  "Effect": "Allow",
  "Action": "oss:*",
  "Resource": [
    "acs:oss:*:*:myBuket/static/material/*"
  ]
}

Configure permissions

When adding permissions, select the permissions defined above from the custom policy

Open OSSbrowser

Use the accessKeyId and AccessKeySerect configured above
The default path must be set to oss://myBuket/static/material

Just click to log in.

OSS's API permissions are also controlled in this way.

refer to

OSS authorization management through OSSborrower
A RAM subaccount authorizes access rights to some files in a single OSS bucket. Use RAM to manage permissions on OSS

This is the end of this article about the implementation of Alibaba Cloud OSS access permission configuration (RAM permission control). For more information about Alibaba Cloud OSS access permission configuration, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!