Alibaba Cloud OSS access rights configuration (RAM permission control) implementation

Scenario

You need to authorize the tester to use a specified directory in a bucket of Alibaba Cloud OSS, such as the static/material/ directory of myBuket.
Testers maintain this directory through the ossbrowser tool.

step

Create a new user

Create a new user in RAM access control

Create an AccessKey for this user

Custom permission policy

Enter a name, remarks, and select "Script Configuration" to configure permissions by writing your own script

The script content is as follows:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:ListObjects",
      "Resource": "acs:oss:*:*:myBuket",
      "Condition": {
        "StringLike": {
          "oss:Delimiter": "/",
          "oss:Prefix": [
            "",
            "static/",
            "static/material/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:myBuket/static/material/*"
      ]
    }
  ]
}

這個腳本指定myBucket 下的static/material/ 目錄可以訪問（任何權限） .
To access this directory, all parent directories of this directory must have ListObjects permission, otherwise you cannot enter.

Therefore, the script is divided into two parts, namely two Effect configurations:
The first part is to configure the ListObjects permissions of all parent directories of material/

{
  "Effect": "Allow",
  "Action": "oss:ListObjects",
  "Resource": "acs:oss:*:*:myBuket",
  "Condition": {
    "StringLike": {
      "oss:Delimiter": "/",
      "oss:Prefix": [
        "",
        "static/",
        "static/material/*"
      ]
    }
  }
}

The second part configures all permissions of materinal. Action is "oss:*" to indicate all permissions for operating OSS.

{
  "Effect": "Allow",
  "Action": "oss:*",
  "Resource": [
    "acs:oss:*:*:myBuket/static/material/*"
  ]
}

Configure permissions

When adding permissions, select the permissions defined above from the custom policy

Open OSSbrowser

Use the accessKeyId and AccessKeySerect configured above
The default path must be set to oss://myBuket/static/material

Just click to log in.

OSS's API permissions are also controlled in this way.

refer to

OSS authorization management through OSSborrower
A RAM subaccount authorizes access rights to some files in a single OSS bucket. Use RAM to manage permissions on OSS

This is the end of this article about the implementation of Alibaba Cloud OSS access permission configuration (RAM permission control). For more information about Alibaba Cloud OSS access permission configuration, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in:

Detailed explanation of the PHP version of Alibaba Cloud OSS image upload class
Example of how to upload images to Alibaba Cloud OSS storage with Vue.js
How to simply import and use Alibaba Cloud OSSsdk in thinkPHP
Sharing on using Alibaba Cloud OSS Composer package in Laravel
SpringBoot integrates Alibaba Cloud OSS image upload
Yii2.0 uses Alibaba Cloud OSS SDK to upload, download, and delete pictures
Sample code for integrating yii2.0 with Alibaba Cloud OSS
Example of yii2.0 integrating Alibaba Cloud OSS to upload a single file
Nginx proxy forwarding implementation code uploaded by Alibaba Cloud OSS
Thinkphp integrates Alibaba Cloud OSS image upload example code
An example of how to use Alibaba Cloud OSS to obtain STS credentials and transfer them to Python

<<: MySQL 8.0.21.0 Community Edition Installation Tutorial (Detailed Illustrations)

>>: Steps for customizing node installation to change the default installation path of npm global modules

Detailed tutorial on installing phpMyAdmin on Ubuntu 18.04

Alibaba Cloud OSS access rights configuration (RAM permission control) implementation

Detailed tutorial on installing phpMyAdmin on Ubuntu 18.04

How to bind domain name to nginx service

Example of pre-rendering method for Vue single page application

Detailed explanation of the production principle of jQuery breathing carousel

What command is better for fuzzy searching files in Linux?

Solution to the problem that directly setting the width and height of a hyperlink does not work

In-depth understanding of asynchronous waiting in Javascript

Detailed explanation of Apache SkyWalking alarm configuration guide

Robots.txt detailed introduction

Solution to the problem that docker CMD/ENTRYPOINT executes the sh script: not found/run.sh:

Recommend

Practical explanation of editing files, saving and exiting in linux

Specific usage of Vue's new toy VueUse

How to install MySQL and Redis in Docker

MySQL 8.0.23 installation super detailed tutorial

A thorough understanding of js native syntax prototype, proto and constructor

MySQL slow query pt-query-digest analysis of slow query log

Axios cancels repeated requests

A complete explanation of MySQL high availability architecture: MHA architecture

Details on overriding prototype methods in JavaScript instance objects

Solution to the problem of mysql service starting but not connecting

Solution to the problem of MySQL data delay jump

nginx solves the problem of slow image display and incomplete download

Understanding JavaScript prototype chain

A Brief Analysis of Subqueries and Advanced Applications in MySql Database

CSS text alignment implementation code