Alibaba Cloud OSS access rights configuration (RAM permission control) implementation

Scenario

You need to authorize the tester to use a specified directory in a bucket of Alibaba Cloud OSS, such as the static/material/ directory of myBuket.
Testers maintain this directory through the ossbrowser tool.

step

Create a new user

Create a new user in RAM access control

Create an AccessKey for this user

Custom permission policy

Enter a name, remarks, and select "Script Configuration" to configure permissions by writing your own script

The script content is as follows:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:ListObjects",
      "Resource": "acs:oss:*:*:myBuket",
      "Condition": {
        "StringLike": {
          "oss:Delimiter": "/",
          "oss:Prefix": [
            "",
            "static/",
            "static/material/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:myBuket/static/material/*"
      ]
    }
  ]
}

這個腳本指定myBucket 下的static/material/ 目錄可以訪問（任何權限） .
To access this directory, all parent directories of this directory must have ListObjects permission, otherwise you cannot enter.

Therefore, the script is divided into two parts, namely two Effect configurations:
The first part is to configure the ListObjects permissions of all parent directories of material/

{
  "Effect": "Allow",
  "Action": "oss:ListObjects",
  "Resource": "acs:oss:*:*:myBuket",
  "Condition": {
    "StringLike": {
      "oss:Delimiter": "/",
      "oss:Prefix": [
        "",
        "static/",
        "static/material/*"
      ]
    }
  }
}

The second part configures all permissions of materinal. Action is "oss:*" to indicate all permissions for operating OSS.

{
  "Effect": "Allow",
  "Action": "oss:*",
  "Resource": [
    "acs:oss:*:*:myBuket/static/material/*"
  ]
}

Configure permissions

When adding permissions, select the permissions defined above from the custom policy

Open OSSbrowser

Use the accessKeyId and AccessKeySerect configured above
The default path must be set to oss://myBuket/static/material

Just click to log in.

OSS's API permissions are also controlled in this way.

refer to

OSS authorization management through OSSborrower
A RAM subaccount authorizes access rights to some files in a single OSS bucket. Use RAM to manage permissions on OSS

This is the end of this article about the implementation of Alibaba Cloud OSS access permission configuration (RAM permission control). For more information about Alibaba Cloud OSS access permission configuration, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in:

Detailed explanation of the PHP version of Alibaba Cloud OSS image upload class
Example of how to upload images to Alibaba Cloud OSS storage with Vue.js
How to simply import and use Alibaba Cloud OSSsdk in thinkPHP
Sharing on using Alibaba Cloud OSS Composer package in Laravel
SpringBoot integrates Alibaba Cloud OSS image upload
Yii2.0 uses Alibaba Cloud OSS SDK to upload, download, and delete pictures
Sample code for integrating yii2.0 with Alibaba Cloud OSS
Example of yii2.0 integrating Alibaba Cloud OSS to upload a single file
Nginx proxy forwarding implementation code uploaded by Alibaba Cloud OSS
Thinkphp integrates Alibaba Cloud OSS image upload example code
An example of how to use Alibaba Cloud OSS to obtain STS credentials and transfer them to Python

<<: MySQL 8.0.21.0 Community Edition Installation Tutorial (Detailed Illustrations)

>>: Steps for customizing node installation to change the default installation path of npm global modules