The ACL for an OSS resource is private by default. To allow another user to access your OSS resources, you can grant permissions for the user to access your bucket by adding a bucket policy.
For example, company A wants its partner, company B, to access its OSS resources, but company A does not want to create a RAM user under its own Alibaba Cloud account for this purpose. In this case, company A can grant company B access to its bucket by adding a bucket policy. After being authorized, company B can access an OSS resource owned by company A by adding the path of the resource in the OSS console.
Add a bucket policy for the RAM user of company B
- Follow these steps by using the Alibaba Cloud account of company B:
- Follow these steps using the Alibaba Cloud account of company A:
- Log on to the OSS console.
- In the left-side bucket list, click the name of the bucket to which you want to grant company B access.
- Click .
- In the Authorize dialog box, enter the policy information. Select Other Account for Accounts, and enter the UID of the RAM user created by company B. For more information about other parameters, see Use bucket policies to authorize other users to access OSS resources.
- Click OK.
Log on to OSS with the RAM user of company B and add the resource path
- Log on to the Alibaba Cloud console with the RAM user of company B through the RAM user logon link.
- Open the OSS console.
- In the left-side menu, click "+" on the right of My OSS Paths. In the displayed Add Authorized OSS Path dialog box, add the following information:
- Region: Select the region of the bucket that company A allows company B to access.
- OSS path: Add the resource path that company A allows company B to access. The format of an OSS path is as follows: bucket/object-prefix. For example, if company A allows company B to access only the abc folder in the aliyun bucket, the OSS path is aliyun/abc.
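The authorization that company A enters in the console and the OSS path that company B adds both describe the same scope, which can be written as a JSON bucket policy. The following is an added example, not part of the original page or Alibaba Cloud's own code: it turns an OSS path in bucket/object-prefix form into a read-only policy limited to that prefix and to one UID. The function names, the read-only action set and the UIDs are assumptions made for illustration; the UIDs are constructed placeholders.

```python
import json


def parse_oss_path(oss_path):
    """Split 'bucket/object-prefix' into (bucket, prefix); the prefix may be empty."""
    bucket, _, prefix = oss_path.strip().strip("/").partition("/")
    if not bucket:
        raise ValueError("OSS path must start with a bucket name")
    return bucket, prefix.strip("/")


def build_read_only_policy(owner_uid, grantee_uid, oss_path):
    """Build a read-only bucket policy for one grantee UID, scoped to one prefix."""
    for uid in (owner_uid, grantee_uid):
        # Numeric-only check rejects "*" (everyone) and pasted account names.
        if not uid.isdigit():
            raise ValueError(f"UID must be numeric, got {uid!r}")
    bucket, prefix = parse_oss_path(oss_path)
    bucket_arn = f"acs:oss:*:{owner_uid}:{bucket}"
    object_arn = f"{bucket_arn}/{prefix}/*" if prefix else f"{bucket_arn}/*"

    # Object reads are limited by the resource itself.
    get_stmt = {
        "Effect": "Allow",
        "Action": ["oss:GetObject"],
        "Principal": [grantee_uid],
        "Resource": [object_arn],
    }
    # Listing is a bucket-level action, so it is limited with a prefix condition.
    list_stmt = {
        "Effect": "Allow",
        "Action": ["oss:ListObjects"],
        "Principal": [grantee_uid],
        "Resource": [bucket_arn],
    }
    if prefix:
        list_stmt["Condition"] = {"StringLike": {"oss:Prefix": [f"{prefix}/*"]}}
    return {"Version": "1", "Statement": [get_stmt, list_stmt]}


if __name__ == "__main__":
    # Constructed UIDs: company A owns the bucket, company B's RAM user is the grantee.
    policy = build_read_only_policy("1000000000000001", "2000000000000002", "aliyun/abc")
    print(json.dumps(policy, indent=2))
```

Reviewing the generated JSON before applying it confirms that the grant names a single UID and stops at the abc folder rather than covering the whole aliyun bucket.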