Today, a colleague used the ossClient object to obtain the ossObject when using the temporary account to perform crc64 verification on the file uploaded to the oss server
提示Access denied by authorizer's policy.
Looking at the returned prompt information, it should be a permission problem. The temporary account on the colleague's side is obtained by calling the interface on my side, so I guess the problem should be on my side. According to the documents provided by Alibaba Cloud, this problem is temporary. User does not have permission
Since I was new to this piece and the code was written by someone before, I didn't understand it at first. While reading the document, I submitted a work order to Ali for assistance. The document said that the temporary account is based on the permissions of the sub-account, so I logged in to the sub-account console and found that the sub-account has permissions. At this time, Ali replied to my work order. The work order said that it was a problem with the policy configuration of my temporary account. It asked me to configure the policy as the highest operating authority, so I set the maximum authority for the policy of the temporary account as it said, and then Republish the service and ask colleagues to try again. At this time, the error mentioned above has not been reported, but a new error has occurred: The parameter policy has not passed grammer check.
The meaning is probably the syntax error of the policy, so check the settings of the policy. Because I used to configure the permissions to be used (minimized permissions), I simply added a "getObject" permission to the action of the original policy, regardless of whether the maximum permission syntax is correct, and then repackaged it and uploaded it to the server, and restarted the service. , asked my colleague to try again, watched the log of the shell window print out one by one, and finally saw the word "successful", and no exception was reported in the middle. I was instantly relieved, and after an afternoon and evening, I finally got through. This is like constipation for more than half an hour and suddenly a burst of dantian energy opens up the second meridian of Ren and Du, and the tide ebbs and flows instantly. One word, cool!
In addition, when writing a policy, it is recommended that you write it on the RAM Policy Editor first . This online editor provides verification of the policy syntax.