This topic describes how to perform simple permission management through ossbrowser.

Log on to ossbrowser as a RAM user

For data security, we recommend that you use the AccessKey pair of a RAM user to log on to ossbrowser.
Note: Create a RAM user and an AccessKey pair. For more information, see Create a RAM user.
RAM users can be classified into two types based on their permissions:
  • Administrator RAM user: a RAM user with administrative permissions. For example, a RAM user that can manage all buckets and authorize other RAM users is an administrator RAM user. You can log on to the RAM console with your Alibaba Cloud account to create an administrator RAM user and grant permissions to the user, as shown in the following figure.
  • Operator RAM user: a RAM user with the read-only permission on a bucket or directory. Administrator RAM users can use the simple policy function to authorize RAM users. For more information, see the Grant permissions with a simple policy section.
    Note: You can grant fine-grained permissions to RAM users. For more information, see Overview.

Log on to ossbrowser with STS tokens

You can use an STS token to log on to ossbrowser. STS tokens can be given to other authorized users for temporary access to your bucket directory. The STS token automatically becomes invalid after it expires.

  1. Log on to ossbrowser as an administrator RAM user.
    Notice: When you log on to ossbrowser with your Alibaba Cloud account or as an administrator RAM user, some features are inaccessible to ensure data security. Use the AccessKey pair of an administrator RAM user to log on to ossbrowser and generate a token. The administrator RAM user must have the permissions to manage a bucket or directory, manage RAM (AliyunRAMFullAccess), and call the STS AssumeRole operation (AliyunSTSAssumeRoleAccess).
  2. Select the objects or directories to be accessed temporarily by the authorized users, and choose More > Authorization Token, as shown in the following figure.
  3. Save the obtained token.
  4. Log off from ossbrowser and use the STS token to log on, as shown in the following figure.

Grant permissions with a simple policy

After logging on to ossbrowser as an administrator RAM user, you can use the Simplify Policy function to create an operator RAM user, or grant an operator RAM user the read-only or read/write permissions on a bucket or directory.
Note: The simple policy function of ossbrowser is designed based on Alibaba Cloud RAM to control access. You can log on to the RAM console through the Alibaba Cloud website to manage your RAM users more precisely.
  1. Log on to ossbrowser as an administrator RAM user.
  2. Select one or more objects or directories to be accessed temporarily by the authorized users, and choose More > Simple Policy.
  3. In the Simplify policy authorization dialog box that appears, set Privileges.
  4. Grant permissions to an existing operator RAM user or create a new operator RAM user in this dialog box.

    You can view, copy, and use the generated policy text as needed. For example, you can copy the policy text and use it to edit the authorization policies for RAM users and roles in the RAM console.

    Notice: To use the simple policy function, you must log on to ossbrowser by using the AccessKey pair of a RAM user that has the RAM configuration permissions. For example, use the AccessKey pair of an administrator RAM user that has the RAM configuration permissions.
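
One way to review the generated policy text before pasting it into the RAM console, as an added example that is not ossbrowser's or Alibaba Cloud's own code: the script flags Allow statements that go beyond read-only access to one directory. The read-only action list, the sample policies, and the names example-bucket and reports/ are assumptions constructed for illustration.

```python
import json

# Assumption: the actions this example accepts as read-only; tune to your baseline.
READ_ONLY = {"oss:GetObject", "oss:GetObjectAcl", "oss:ListObjects"}

def _as_list(value):
    """RAM policy elements may be one string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_text, bucket, prefix):
    """Return findings for Allow statements broader than read-only on bucket/prefix.

    Pass prefix with a trailing slash ("reports/") so "reports2/" does not match.
    """
    findings = []
    statements = json.loads(policy_text).get("Statement", [])
    for n, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in _as_list(stmt.get("Action", [])):
            if action not in READ_ONLY:  # also catches "oss:*" and "*"
                findings.append(f"statement {n}: action {action} is not read-only")
        for resource in _as_list(stmt.get("Resource", [])):
            # Resource form: acs:oss:<region>:<account>:<bucket>[/<object path>]
            target = resource.split(":", 4)[-1]
            in_scope = target == bucket or target.startswith(f"{bucket}/{prefix}")
            if not in_scope:
                findings.append(
                    f"statement {n}: resource {resource} is outside {bucket}/{prefix}")
    return findings

# Constructed sample policies (not ossbrowser output); all names are placeholders.
SCOPED = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": ["oss:ListObjects"],
     "Resource": ["acs:oss:*:*:example-bucket"]},
    {"Effect": "Allow", "Action": ["oss:GetObject", "oss:GetObjectAcl"],
     "Resource": ["acs:oss:*:*:example-bucket/reports/*"]}]})
BROAD = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": "oss:*",
     "Resource": "acs:oss:*:*:example-bucket/*"}]})

if __name__ == "__main__":
    for name, text in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(text, "example-bucket", "reports/") or "no findings")
```

The check is an allowlist, so any action or resource it does not recognise is reported rather than silently accepted.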