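Use the RAM Policy Editor tool to create the policy text for the ListObjects and GetObject permissions
Allow the GetObject and ListObjects operations. ListObjects is authorized against the bucket resource and GetObject against the objects inside it, so the policy lists both forms.
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListObjects",
        "oss:GetObject"
      ],
      "Resource": [
        "acs:oss:*:*:fralychen",
        "acs:oss:*:*:fralychen/*"
      ],
      "Condition": {}
    }
  ]
}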
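Allow the DeleteObject operation under fralychen/Delete/*. The first statement of this policy also allows oss:Get*, oss:List* and oss:Put* on every OSS resource; only DeleteObject is limited to the fralychen/Delete/ prefix.
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:Get*",
        "oss:List*",
        "oss:Put*"
      ],
      "Resource": [
        "acs:oss:*:*:*"
      ],
      "Condition": {}
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:DeleteObject"
      ],
      "Resource": [
        "acs:oss:*:*:fralychen/Delete/*"
      ],
      "Condition": {}
    }
  ]
}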
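To check what policies like the two above actually grant before attaching them, the following added example (not part of the original page, and not Alibaba Cloud's evaluation code) runs sample requests through a simplified matcher. The function names, the region and the account ID in the sample ARNs are constructed, and the evaluation order is an assumption stated in the comments.

```python
import re

def glob(pattern, value):
    # '*' matches any run of characters, including '/'; the rest is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def arn_match(pattern, arn):
    # Compare acs:oss:<region>:<account>:<bucket[/object]> field by field.
    p, a = pattern.split(":", 4), arn.split(":", 4)
    return len(p) == len(a) == 5 and all(glob(x, y) for x, y in zip(p, a))

def is_allowed(policy, action, arn):
    # Assumed simplification: an explicit Deny wins, any matching Allow grants,
    # otherwise the request is implicitly denied. Condition blocks are ignored.
    allowed = False
    for st in policy["Statement"]:
        hit = (any(glob(a, action) for a in st["Action"])
               and any(arn_match(r, arn) for r in st["Resource"]))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def read_policy(resources):
    return {"Version": "1", "Statement": [{"Effect": "Allow",
            "Action": ["oss:ListObjects", "oss:GetObject"], "Resource": resources}]}

BUCKET_ONLY = read_policy(["acs:oss:*:*:fralychen"])
BUCKET_AND_OBJECTS = read_policy(["acs:oss:*:*:fralychen", "acs:oss:*:*:fralychen/*"])
DELETE_POLICY = {"Version": "1", "Statement": [  # the delete policy shown above
    {"Effect": "Allow", "Action": ["oss:Get*", "oss:List*", "oss:Put*"],
     "Resource": ["acs:oss:*:*:*"]},
    {"Effect": "Allow", "Action": ["oss:DeleteObject"],
     "Resource": ["acs:oss:*:*:fralychen/Delete/*"]}]}

BASE = "acs:oss:oss-cn-hangzhou:1000000000000000:"  # constructed region and account ID

def run_checks():
    return {
        "list, bucket-only": is_allowed(BUCKET_ONLY, "oss:ListObjects", BASE + "fralychen"),
        "get, bucket-only": is_allowed(BUCKET_ONLY, "oss:GetObject", BASE + "fralychen/a.txt"),
        "get, bucket+objects": is_allowed(BUCKET_AND_OBJECTS, "oss:GetObject", BASE + "fralychen/a.txt"),
        "delete in prefix": is_allowed(DELETE_POLICY, "oss:DeleteObject", BASE + "fralychen/Delete/old.log"),
        "delete elsewhere": is_allowed(DELETE_POLICY, "oss:DeleteObject", BASE + "fralychen/keep/report.csv"),
        "put, other bucket": is_allowed(DELETE_POLICY, "oss:PutObject", BASE + "otherbucket/x.bin"),
    }

if __name__ == "__main__":
    for name, ok in run_checks().items():
        print("ALLOW" if ok else "DENY ", name)
```

The last check shows that the wildcard statement in the delete policy reaches buckets other than fralychen, which is worth reviewing before the policy is attached to a role.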
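Create a policy named OSS-Object Policy through the CreatePolicy API
Create the role OSS-Object through the CreateRole API
Create a trust policy whose trusted entity is the authorized RAM user (oss-object) under the Alibaba Cloud account (AccountID=11498773245**:role), allowing it to assume the role
{
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "RAM": [
          "acs:ram::11498773245**:role/oss-object"
        ]
      }
    }
  ],
  "Version": "1"
}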