This topic uses two example policies to demonstrate how to authorize a RAM user to list and read resources in a bucket.
- The following policy indicates that the authorized RAM user can list and read resources contained in the `myphotos` bucket by using Object Storage Service (OSS) SDKs or OSS CLI.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "oss:ListObjects",
        "Resource": "acs:oss:*:*:myphotos"
      },
      {
        "Effect": "Allow",
        "Action": "oss:GetObject",
        "Resource": "acs:oss:*:*:myphotos/*"
      }
    ]
  }
  ```
- The following policy indicates that the authorized RAM user can list and read resources contained in the `myphotos` bucket by using the OSS console.

  Note: When you log on to the OSS console, the `ListBuckets`, `GetBucketAcl`, and `GetObjectAcl` API operations are automatically called to determine whether the bucket is public or private.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListBuckets",
          "oss:GetBucketStat",
          "oss:GetBucketInfo",
          "oss:GetBucketTagging",
          "oss:GetBucketAcl"
        ],
        "Resource": "acs:oss:*:*:*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListObjects",
          "oss:GetBucketAcl"
        ],
        "Resource": "acs:oss:*:*:myphotos"
      },
      {
        "Effect": "Allow",
        "Action": [
          "oss:GetObject",
          "oss:GetObjectAcl"
        ],
        "Resource": "acs:oss:*:*:myphotos/*"
      }
    ]
  }
  ```
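The following added example (not part of the original documentation, and not RAM's actual evaluation engine) models how the first policy separates bucket-level from object-level resources: `oss:ListObjects` matches only the bucket resource `myphotos`, while `oss:GetObject` matches only `myphotos/*`. It assumes `*` is the only wildcard and ignores `Condition` elements; the region and account ID in `ARN` and the helper names are constructed for illustration.

```python
import json
import re

# First policy from this page (SDK / CLI access to the myphotos bucket).
SDK_POLICY = json.loads("""{"Version": "1", "Statement": [
  {"Effect": "Allow", "Action": "oss:ListObjects", "Resource": "acs:oss:*:*:myphotos"},
  {"Effect": "Allow", "Action": "oss:GetObject", "Resource": "acs:oss:*:*:myphotos/*"}
]}""")

# Constructed sample values: region and account ID are placeholders.
ARN = "acs:oss:oss-cn-hangzhou:1234567890123456:"


def _as_list(value):
    """Action and Resource may each be one string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _wild(pattern, value):
    """Match with '*' as the only wildcard (simplifying assumption)."""
    regex = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def _resource_matches(pattern, resource):
    """Compare ARNs field by field so '*' in region/account cannot span ':'."""
    p, r = pattern.split(":", 4), resource.split(":", 4)
    return len(p) == len(r) == 5 and all(_wild(a, b) for a, b in zip(p, r))


def is_allowed(policy, action, resource):
    """True if an Allow statement matches and no Deny statement matches."""
    allowed = False
    for stmt in policy["Statement"]:
        if not (any(_wild(a, action) for a in _as_list(stmt["Action"])) and
                any(_resource_matches(r, resource) for r in _as_list(stmt["Resource"]))):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny overrides any Allow
        allowed = True
    return allowed  # nothing matched: implicit deny


if __name__ == "__main__":
    for action, res in [("oss:ListObjects", "myphotos"), ("oss:GetObject", "myphotos"),
                        ("oss:GetObject", "myphotos/2024/cat.jpg"),
                        ("oss:PutObject", "myphotos/2024/cat.jpg")]:
        print(action, res, is_allowed(SDK_POLICY, action, ARN + res))
```

Running the same checks against a draft policy before attaching it is a quick way to confirm that it grants read access to `myphotos` only and nothing that writes or deletes.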