Alibaba Cloud OSS access rights configuration (RAM permission control) implementation

Scenario

You need to authorize the tester to use a specified directory in a bucket of Alibaba Cloud OSS, such as the static/material/ directory of myBuket.
Testers maintain this directory through the ossbrowser tool.

step

Create a new user

Create a new user in RAM access control

Create an AccessKey for this user

Custom permission policy

Enter a name, remarks, and select "Script Configuration" to configure permissions by writing your own script

The script content is as follows:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:ListObjects",
      "Resource": "acs:oss:*:*:myBuket",
      "Condition": {
        "StringLike": {
          "oss:Delimiter": "/",
          "oss:Prefix": [
            "",
            "static/",
            "static/material/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:myBuket/static/material/*"
      ]
    }
  ]
}

這個腳本指定myBucket 下的static/material/ 目錄可以訪問（任何權限） .
To access this directory, all parent directories of this directory must have ListObjects permission, otherwise you cannot enter.

Therefore, the script is divided into two parts, namely two Effect configurations:
The first part is to configure the ListObjects permissions of all parent directories of material/

{
  "Effect": "Allow",
  "Action": "oss:ListObjects",
  "Resource": "acs:oss:*:*:myBuket",
  "Condition": {
    "StringLike": {
      "oss:Delimiter": "/",
      "oss:Prefix": [
        "",
        "static/",
        "static/material/*"
      ]
    }
  }
}

The second part configures all permissions of materinal. Action is "oss:*" to indicate all permissions for operating OSS.

{
  "Effect": "Allow",
  "Action": "oss:*",
  "Resource": [
    "acs:oss:*:*:myBuket/static/material/*"
  ]
}

Configure permissions

When adding permissions, select the permissions defined above from the custom policy

Open OSSbrowser

Use the accessKeyId and AccessKeySerect configured above
The default path must be set to oss://myBuket/static/material

Just click to log in.

OSS's API permissions are also controlled in this way.

refer to

OSS authorization management through OSSborrower
A RAM subaccount authorizes access rights to some files in a single OSS bucket. Use RAM to manage permissions on OSS

This is the end of this article about the implementation of Alibaba Cloud OSS access permission configuration (RAM permission control). For more information about Alibaba Cloud OSS access permission configuration, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in:

Detailed explanation of the PHP version of Alibaba Cloud OSS image upload class
Example of how to upload images to Alibaba Cloud OSS storage with Vue.js
How to simply import and use Alibaba Cloud OSSsdk in thinkPHP
Sharing on using Alibaba Cloud OSS Composer package in Laravel
SpringBoot integrates Alibaba Cloud OSS image upload
Yii2.0 uses Alibaba Cloud OSS SDK to upload, download, and delete pictures
Sample code for integrating yii2.0 with Alibaba Cloud OSS
Example of yii2.0 integrating Alibaba Cloud OSS to upload a single file
Nginx proxy forwarding implementation code uploaded by Alibaba Cloud OSS
Thinkphp integrates Alibaba Cloud OSS image upload example code
An example of how to use Alibaba Cloud OSS to obtain STS credentials and transfer them to Python

<<: MySQL 8.0.21.0 Community Edition Installation Tutorial (Detailed Illustrations)

>>: Steps for customizing node installation to change the default installation path of npm global modules

MySQL Daemon failed to start error solution

Blog

Detailed tutorial on building a continuous integration delivery environment based on Docker+K8S+GitLab/SVN+Jenkins+Harbor

Blog

How to prohibit vsftpd users from logging in through ssh

Alibaba Cloud OSS access rights configuration (RAM permission control) implementation

MySQL Daemon failed to start error solution

Detailed tutorial on building a continuous integration delivery environment based on Docker+K8S+GitLab/SVN+Jenkins+Harbor

How to prohibit vsftpd users from logging in through ssh

HTML head structure

Detailed use of Echarts in vue2 vue3

TCP performance tuning implementation principle and process analysis

How to hide the version number and web page cache time in Nginx

How to use VirtualBox to simulate a Linux cluster

Express implements login verification

Implementation of mysql decimal data type conversion

Recommend

Install nodejs and yarn and configure Taobao source process record

html page!--[if IE]...![endif]--Detailed introduction to usage

Detailed explanation of angular content projection

Detailed explanation on how to install MySQL database on Alibaba Cloud Server

How to use Xtrabackup to back up and restore MySQL

Learn Hyperlink A Tag

Detailed explanation of the usage of common Linux commands (Part 2) ———— Text editor commands vi/vim

Research on Web Page Size

MySQL 8.0.16 winx64 installation and configuration method graphic tutorial under win10

The difference between traditional tomcat startup service and springboot startup built-in tomcat service (recommended)

Detailed description of component-based front-end development process

Example code for implementing a QR code scanning box with CSS

MySQL 8.0.22 decompression version installation tutorial (for beginners only)

Detailed explanation of how Angular handles unexpected exception errors

How to implement a simple HTML video player