Many of my friends have such concerns: the resource is stored after OBS, my data safe enough? The flexibility to configure permissions?
For example, A just want to store in the OBS resources for themselves access; B want to share their resources to a friend; propylene want to control resource sharing permissions in a fixed period of time. In general, everyone has their own unique needs.
do not be afraid! OBS whole can hold live, a variety of access control either way you choose.
Access the download by me, my resources I call the shots.
Why the need for data stored access control?
For example, your company's employees have staff responsible for software development, you want them to have access to the resources of the barrel in the OBS, but do not want them to have permission to delete the barrel at high risk operations and resources, you can use IAM create a user for developers by granting access only to the resources barrel, but the barrel can not be deleted rights policy resources, control their use of the resources of the OBS.
Thus, by configuring permissions, the flexibility to control the use of OBS resources.
Related concepts
- Account: Account created automatically after registration Huawei cloud, the account has full control access rights to their resources and IAM owned by the user.
- Administrator: In order to ensure the security of accounts and resources, the user has the "admin" permission by an account created in the IAM, the IAM user account management in place. "Admin" IAM system is preset with all the operating authority of the user group. After adding the administrator "admin" user group, it will have the same resources and manage user accounts and permissions.
- IAM user: a user or administrator account created in the IAM is a cloud service user, the corresponding employees, systems, or applications with credentials (passwords and access keys), you can log in to access the management console or API.
How authority control data stored?
By default, only the owner can access resources OBS resources, other users in the case of no unauthorized access to OBS. OBS OBS resources will provide a variety of ways to grant permissions to others, resource owners may establish different rights according to business needs control scheme to ensure data security.
IAM policies, including access control mode, bucket strategy object policies, barrels ACL, the object ACL, the object limit access, IAM commissioned, by way of illustration and various application scenarios in the following table :
Small lesson plans focus on:
Several control mode, IAM policies and strategies barrel higher frequency of use, we can focus on, oh. For more authority to control how the content stamp here .
Here, you will not feel more functional, I do not know how to use it. Do not worry, say the function is not an end, flexible use is crucial. Next time, OBS cloud small lesson will take you simulate several typical application scenarios, apply their knowledge together!
