使用RAM Policy Editor 工具新建ListObject,GetObject权限策略文本
放行GetObject,ListObject 操作
{"Version": "1","Statement": [{"Effect": "Allow","Action": ["oss:ListObjects","oss:GetObject"],"Resource": ["acs:oss:*:*:fralychen"],"Condition": {}}]}
放行 fralychen/Delete/*下的 DeleteObject操作
{"Version": "1","Statement": [{"Effect": "Allow","Action": ["oss:Get*","oss:list*","oss:Put*"],"Resource": ["acs:oss:*:*:*"],"Condition": {}},{"Effect": "Allow","Action": ["oss:DeleteObject"],"Resource": ["acs:oss:*:*:fralychen/Delete/*"],"Condition": {}}]}
通过CreatPolicy接口新建名为 OSS-Object Policy
通过CreatRole接口新建角色OSS-Object
新建允许扮演可信实体为云账号(AccountID=11498773245**:role)下被授权的RAM用户(oss-object)
{ “Statement”: [ { “Action”: “sts:AssumeRole”, “Effect”: “Allow”, “Principal”: { “RAM”: [ “ acs:ram::11498773245**:role/oss-object” ] } } ], “Version”: “1” }
通过AttachPolicyToRole为OSS-Object授权OSS-Object
若有收获,就点个赞吧
0 人点赞
