You can control requesters' permissions to access requested resources (buckets or objects). Requesters can only access resources after being granted permissions.

Buckets or objects that are created by a user belong to the user's domain. By default, only users in the domain can access the buckets or objects. To control access permissions to these resources, OBS uses ACLs and bucket policies.

  • ACL: specifies an account's permission to access resources. Each entry in an ACL grants a specific permission to a specific account. ACLs apply to accounts, not to an account's users. You can use an ACL to grant permissions but not to deny them.
  • Bucket policy: controls the permissions of one or more users or accounts to access buckets or the objects in them. You can use a bucket policy to grant or deny permissions. A bucket policy applies to both accounts and users.