In this example, we start with an Alibaba Cloud user that does not have any buckets. In the following example, replace AccessKey with your own AccessKey.
Let us assume that this user is a mobile developer and currently only has one bucket, ram-test-dev, for development, testing, and other functions. Here, the first thing we should do is stop using the primary account to access this bucket. This can avoid problems caused by AccessKey and password leaks. The procedure is as follows:
On the console, select Products & Services > Resource Access Management. The service should be activated first if you have never used it before.
Click Users to go to the User Management page.
The page shows there are still no users. Click New User on the top right corner to create a subaccount with the same OSS access permissions as the primary account. Remember to select the Auto generate AccessKey for this user.
The AccessKey for this account is generated and must be saved for later use.
Return to the “User Management” interface, which shows the newly created account named ram_test. When created, this subaccount does not have any permissions yet. Click the Authorize link on the right side and grant this subaccount full access permissions for OSS.
After authorization, click the Management link on the right side if you need to give the subaccount console login or other permissions.
Now we can test the uploading and downloading operations. In the example, the AccessKey is ram_test’s AccessKey. During the test, replace this with your own AccessKey.
$./osscmd get oss://ram-test-dev/test.txt test.txt --host=oss-cn-hangzhou.aliyuncs.com -i ur7urwDN4CdenOV5 -k V8vgFWiBZCAnsH0YRgDF35TzM47zMt
100% The object test.txt is downloaded to test.txt, please check.
$./osscmd put test.txt oss://ram-test-dev/test.txt --host=oss-cn-hangzhou.aliyuncs.com -i ur7urwDN4CdenOV5 -k V8vgFWiBZCAnsH0YRgDF35TzM47zMt
Object URL is: http://ram-test-dev.oss-cn-hangzhou.aliyuncs.com/test.txt
Object abstract path is: oss://ram-test-dev/test.txt
ETag is "E27172376D49FC609E7F46995E1F808F"
As you can see, this subaccount can basically be used for all operations, so you can avoid leaking the primary account’s AccessKey.