OceanStor 9000 V300R006C00 Object Storage Service (Compatible with Amazon S3 APIs) Administrator Guide 07

ACL

An access control list (ACL) is used to grant an account or user permission to access resources.

A default ACL is generated when a bucket or an object is created, and it can be changed afterwards. The entries in an ACL define the permissions granted to accounts and users. An ACL can only grant permissions; it cannot be used to deny them.

In the object storage service, the accounts and users listed in Table 2-1 can be granted permission by the ACL for accessing buckets and objects.

Table 2-1  Accounts and users to be authorized

| Grantee | Description |
| --- | --- |
| Account and user of the object storage service | The permission to access a bucket or object can be granted to all accounts and users of the Object Storage Service. The authorized accounts and users can use the AK and SK to access buckets and objects. |
| Registered user group | The permission to access a bucket or object can be granted to all users in a registered user group. All users in the registered user groups with permission can use the AK and SK to access the object storage service. All users of the Object Storage Service belong to the registered user groups. |
| Anonymous user | The permission to access a bucket or object can be granted to anonymous users. After the permission is granted, all users can access the bucket or object. |
| Log delivery user group | The permission to access a bucket can be granted to all users in a log delivery user group. A user in a log delivery user group can access the bucket. This permission is mainly used in log management. |

Table 2-2 lists the ACL permissions supported by buckets and objects.

Table 2-2  Supported ACL permissions

| Permission | Description |
| --- | --- |
| READ | A grantee with this permission for a bucket can obtain the list of objects in the bucket and its metadata. A grantee with this permission for an object can obtain the object content and metadata. |
| WRITE | A grantee with this permission for a bucket can upload, overwrite, and delete any object in the bucket. |
| READ_ACP | A grantee with this permission can obtain the ACL of a bucket or object. The owner of a bucket or object has this permission permanently. |
| WRITE_ACP | A grantee with this permission can update the ACL of a bucket or object. The owner of a bucket or object has this permission permanently. A grantee with this permission can modify the access control policy to obtain full control access permissions. |
| FULL_CONTROL | A grantee with this permission has READ, WRITE, READ_ACP, and WRITE_ACP permissions. |

For details about the ACL, see OceanStor 9000 Object Storage Service API Reference.
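The following is an added example, not code from the Huawei guide: a Python check that parses an ACL in the Amazon S3 `AccessControlPolicy` XML format and flags grants to the anonymous user or the registered user group, plus any non-owner WRITE_ACP grant, which Table 2-2 notes can be used to obtain full control. The group URIs are Amazon S3's predefined values and are assumed to be what this S3-compatible service returns; the sample ACL, its IDs, and the function name `audit_acl` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
# Amazon S3 predefined group URIs, assumed to map to the guide's grantee types.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anonymous user",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "registered user group",
    "http://acs.amazonaws.com/groups/s3/LogDelivery": "log delivery user group",
}
BROAD = {"anonymous user": "all users can use this permission",
         "registered user group": "every service user can use this permission"}
EXPANDS = {"FULL_CONTROL": {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}}

# Constructed sample ACL (IDs are placeholders, not from a real system).
SAMPLE_ACL = """\
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Owner><ID>owner-placeholder</ID></Owner>
  <AccessControlList>
    <Grant><Grantee xsi:type="CanonicalUser"><ID>owner-placeholder</ID></Grantee>
      <Permission>FULL_CONTROL</Permission></Grant>
    <Grant><Grantee xsi:type="CanonicalUser"><ID>partner-placeholder</ID></Grantee>
      <Permission>WRITE_ACP</Permission></Grant>
    <Grant><Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission></Grant>
    <Grant><Grantee xsi:type="Group"><URI>http://acs.amazonaws.com/groups/s3/LogDelivery</URI></Grantee>
      <Permission>WRITE</Permission></Grant>
  </AccessControlList>
</AccessControlPolicy>"""

def audit_acl(acl_xml):
    """Return sorted (grantee, permission, reason) findings for grants worth reviewing."""
    root = ET.fromstring(acl_xml)
    owner = root.findtext("s3:Owner/s3:ID", namespaces=NS)
    findings = set()
    for grant in root.findall("s3:AccessControlList/s3:Grant", NS):
        grantee = grant.find("s3:Grantee", NS)
        uri = grantee.findtext("s3:URI", namespaces=NS)
        who = GROUPS.get(uri, uri) if uri else grantee.findtext("s3:ID", namespaces=NS)
        perm = grant.findtext("s3:Permission", namespaces=NS)
        if who == owner:
            continue  # the owner holds READ_ACP and WRITE_ACP permanently
        for p in EXPANDS.get(perm, {perm}):  # FULL_CONTROL implies all four permissions
            if who in BROAD:
                findings.add((who, p, BROAD[who]))
            if p == "WRITE_ACP":
                findings.add((who, p, "can rewrite the ACL to obtain FULL_CONTROL"))
    return sorted(findings)
```

Because an ACL can only grant and never deny, each finding has to be resolved by removing the grant itself.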

Updated: 2019-04-28

Document ID: EDOC1000122523
