When JindoSDK accesses Object Storage Service (OSS) using a RAM user's credentials, an AccessDenied error indicates the RAM user lacks the required OSS permissions. This topic explains how to identify the error and grant the correct permissions.
Symptom
The following error appears when testing OSS connectivity:
Failed test connectivity, operation: getFileStatus, errMsg: [RequestId]: 635B6DDE9A1F093434AC6A7C [HostId]: oss-cn-beijing-internal.aliyuncs.com [ErrorMessage]: [E1010]HTTP/1.1 403 Forbidden: <?xml version="1.0" encoding="UTF-8"?><Error> <Code>AccessDenied</Code> <Message>The bucket you access does not belong to you.</Message> <RequestId>635B6DDE9A1F093434AC6A7C</RequestId> <HostId>xxx.oss-cn-beijing-internal.aliyuncs.com</HostId></Error> [ErrorCode]: 1010 [RequestId]: 635B6DDE9A1F093434AC6A7C
Cause
The RAM user does not have the required permissions to access OSS.
Solution
Prerequisites
Before you begin, make sure you have:
- RAM administrator access to grant OSS permissions to RAM users
Grant OSS permissions to the RAM user
JindoSDK uses the RAM user's credentials to call OSS APIs. Because all OSS API requests are made under that RAM user's identity, the RAM user must have the OSS actions that match your use case.
For general instructions on granting RAM permissions, see Use RAM to manage OSS permissions.
Grant only the actions your workload requires. Using a broader permission set than necessary increases security risk.
Read and write access
Use the following actions when JindoSDK needs to read and write data to OSS:
# Bucket-related actions
oss:ListObjects
oss:GetBucketInfo
# Object-related actions
oss:PutObject
oss:GetObject
oss:DeleteObject
oss:AbortMultipartUpload
oss:ListParts
oss:RestoreObject
oss:PutObjectTagging
oss:GetObjectTagging
oss:DeleteObjectTagging
# Versioning-related actions
oss:ListObjectVersions
oss:GetObjectVersion
oss:DeleteObjectVersion
oss:RestoreObjectVersion
oss:PutObjectVersionTagging
oss:GetObjectVersionTagging
oss:DeleteObjectVersionTagging
Read-only access
Use the following actions when JindoSDK only needs to read data from OSS:
# Bucket-related actions
oss:ListObjects
oss:GetBucketInfo
# Object-related actions
oss:GetObject
oss:ListParts
oss:RestoreObject
oss:GetObjectTagging
# Versioning-related actions
oss:ListObjectVersions
oss:GetObjectVersion
oss:RestoreObjectVersion
oss:GetObjectVersionTagging
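
The following Python sketch is an added example, not part of the original documentation or of JindoSDK. It builds a RAM policy that grants the read-only actions above on a single bucket, and reports which of this page's write actions an existing policy would grant. The bucket name `examplebucket` and the function names are assumptions, and `fnmatch` only approximates RAM wildcard matching.

```python
import fnmatch
import json

# Action names copied from the two lists on this page.
READ_ONLY = [
    "oss:ListObjects", "oss:GetBucketInfo", "oss:GetObject", "oss:ListParts",
    "oss:RestoreObject", "oss:GetObjectTagging", "oss:ListObjectVersions",
    "oss:GetObjectVersion", "oss:RestoreObjectVersion", "oss:GetObjectVersionTagging",
]
# Actions that appear only in the read-and-write list.
WRITE_ONLY = [
    "oss:PutObject", "oss:DeleteObject", "oss:AbortMultipartUpload",
    "oss:PutObjectTagging", "oss:DeleteObjectTagging", "oss:DeleteObjectVersion",
    "oss:PutObjectVersionTagging", "oss:DeleteObjectVersionTagging",
]

def read_only_policy(bucket):
    """Build a RAM policy granting the read-only actions on one bucket only."""
    return {
        "Version": "1",
        "Statement": [{
            "Effect": "Allow",
            "Action": READ_ONLY,
            # The bucket itself plus every object in it; no other bucket.
            "Resource": [f"acs:oss:*:*:{bucket}", f"acs:oss:*:*:{bucket}/*"],
        }],
    }

def _as_list(value):
    # RAM accepts a single string or a list for Action.
    return [value] if isinstance(value, str) else list(value)

def write_actions_granted(policy):
    """Return this page's write actions that any Allow statement grants.

    Wildcards are expanded with fnmatch; Deny statements are not evaluated.
    """
    granted = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            granted.update(a for a in WRITE_ONLY
                           if fnmatch.fnmatchcase(a.lower(), pattern.lower()))
    return sorted(granted)

if __name__ == "__main__":
    print(json.dumps(read_only_policy("examplebucket"), indent=2))  # constructed name
    broad = {"Version": "1", "Statement": [  # constructed over-broad policy
        {"Effect": "Allow", "Action": "oss:*", "Resource": "acs:oss:*:*:*"}]}
    print(write_actions_granted(broad))
```

An empty result from `write_actions_granted` means the policy grants none of the write actions listed on this page, which is the expected outcome for a read-only JindoSDK workload.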