This topic describes how to perform simple permission management by using ossbrowser.
Log on to ossbrowser as a RAM user
For data security, we recommend that you use the AccessKey pair of a Resource Access
Management (RAM) user to log on to ossbrowser.
Note For more information about how to create a RAM user and an AccessKey pair, see Create a RAM user.
RAM users can be classified into the following types based on their permissions:
- Administrator RAM user: a RAM user who has administrative permissions. For example,
a RAM user who can manage all buckets and authorize other RAM users is an administrator
RAM user. You can log on to the RAM console by using your Alibaba Cloud account to
create an administrator RAM user and grant the permissions to the user. The following
figure shows the permissions.
- Operator RAM user: a RAM user who has the read-only permission on a bucket or directory.
Administrator RAM users can use the simple policy feature to grant operator RAM users
permissions. For more information, see Grant permissions by using a simple policy.
Note You can grant fine-grained permissions to RAM users. For more information, see Overview.
Log on to ossbrowser by using STS tokens
You can use an Security Token Service (STS) token to log on to ossbrowser. STS tokens can be provided for other authorized users for temporary access to a directory in your bucket. The STS token automatically becomes invalid after it expires.
Grant permissions by using a simple policy
After you log on to ossbrowser as an administrator RAM user, you can use the Simplify Policy feature to create an operator RAM user, or grant an operator RAM user the read-only
or read/write permissions on a bucket or directory.
Note The simple policy feature of ossbrowser is designed based on Alibaba Cloud RAM to
control access. You can log on to the RAM console from the Alibaba Cloud website to
manage your RAM users more precisely.