Cloud Object Storage
- Release Notes and Announcements
- Announcements
- Product Introduction
- Purchase Guide
- Billing Method
- Billable Items
- Metadata Acceleration Fees
- Data Processing Fees
- Getting Started
- Console Guide
- Bucket Management
- Domain Name Management
- Object Management
- Folder Management
- Monitoring Reports
- Data Processing
- Image Processing
- File Processing
- Media Processing
- Function Service
- Content Moderation
- Automatic Moderation
- Historical data moderation
- Data Processing Workflow
- User Tools
- COSBrowser
- COSCLI (Beta)
- Common Commands
- Online Auxiliary Tools
- Practical Tutorial
- Access Control and Permission Management
- Performance Optimization
- Data Migration
- Data Disaster Recovery and Backup
- Domain Name Management Practice
- Image Processing
- Audio/Video Practices
- Direct Data Upload
- Content Moderation
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Developer Guide
- Creating Request
- Object
- Uploading Object
- Downloading Object
- Copying Objects
- Deleting Objects
- Data Management
- Lifecycle Management
- Data Disaster Recovery
- Versioning
- Using Versioning
- Cross-Bucket Replication
- Data Security
- Cloud Access Management
- Access Permission Configuration Description
- Access Control Overview
- Access Control Methods
- Access Policy Language
- Using CDN to Accelerate Access
- Batch Operation
- Performing Batch Operation
- Global Acceleration
- Data Workflow
- Data Lake Storage
- Cloud Native Datalake Storage
- Metadata Accelerator
- Big Data Security
- GooseFS
- Key Features
- Deployment Guide
- OPS Guide
- Logging Guide
- Data Processing
- Image Processing
- Media Processing
- Troubleshooting
- Resource Access Error
- API Documentation
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Origin-Pull (Origin)
- Object APIs
- Basic Operations
- Access Control List (acl)
- Multipart Upload
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- AI-Based Content Recognition
- Queue APIs
- Service Configuration
- Media Processing
- Media Screenshot API
- Media Information API
- Private M3U8 API
- File Processing
- File Transcoding
- Async Processing Job APIs
- Async Processing Queue APIs
- File Processing
- Hash Calculation
- File Decompression
- Multi-File Zipping
- Job and Workflow
- Workflow APIs
- Workflow Instance
- Job APIs
- Media Processing
- Canceling Media Processing Job
- Querying Media Processing Job
- Media Processing Job Callback
- Image Processing
- Submit Image Processing Job
- Canceling Image Processing Job
- Querying Image Processing Job
- Multi-Job Processing
- Submitting Multiple Jobs
- AI-Based Content Recognition
- Submitting Content Recognition Job
- Querying Content Recognition Job
- Content Recognition Job Callback
- Sync Media Processing
- Media Screenshot API
- Template APIs
- Media Processing
- Creating Media Processing Template
- Deleting Media Processing Template
- Querying Media Processing Template
- Updating Media Processing Template
- AI-Based Content Recognition
- Creating AI-Based Content Recognition Template
- Querying AI-Based Content Recognition Template
- Updating AI-Based Content Recognition Template
- Batch Job APIs
- Callback Content
- Appendix
- Content Moderation APIs
- Image Moderation
- Video Moderation
- Audio Moderation
- Text Moderation
- Submitting Virus Detection Job
- SDK Documentation
- Android SDK
- Object Operations
- Remote Disaster Recovery
- Cloud Access Management
- Data Verification
- Image Processing
- C SDK
- Object Operations
- Data Management
- Cloud Access Management
- Content Moderation
- Data Verification
- C++ SDK
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Data Verification
- Content Moderation
- .NET(C#) SDK
- Bucket Operations
- Object Operations
- Cross-Region Disaster Recovery
- Cloud Access Management
- Image Processing
- SDK for Flutter
- Object Operations
- Go SDK
- Bucket Operations
- Object Operations
- Cross-Region Disaster Recovery
- Cloud Access Management
- Data Verification
- File Processing
- Image Processing
- iOS SDK
- Object Operations
- Cross-region Disaster Recovery
- Cloud Access Management
- Image Processing
- Content Recognition
- Speech Recognition
- Java SDK
- Object Operations
- Cross-Region Disaster Recovery
- Cloud Access Management
- File Processing
- Media Processing
- AI-Based Content Recognition
- JavaScript SDK
- Object Operations
- File Processing
- Remote disaster-tolerant
- Data Management
- Cloud Access Management
- Data Verification
- Image Processing
- Node.js SDK
- Object Operations
- Remote disaster-tolerant
- Cloud Access Management
- Data Verification
- Image Processing
- PHP SDK
- Object Operations
- Bucket Operations
- Remote disaster-tolerant
- Cloud Access Management
- Image Processing
- Media Processing
- Document Processing
- File Processing
- Job APIs
- Template APIs
- Python SDK
- Object Operations
- Server-Side Encryption
- Cross-Region Disaster Recovery
- Cloud Access Management
- Content Recognition
- React Native SDK
- Object Operations
- Mini Program SDK
- Object Operations
- Remote disaster-tolerant
- Cloud Access Management
- Data Verification
- Content Moderation
- Image Processing
- FAQs
- Bucket Configuration
- Domain Names and CDN
- Object Operations
- Data Processing
- Related Agreements
- Appendices
- Historical version
DocumentationCloud Object StorageConsole GuideBucket ManagementAccessing Bucket List Using Sub-Account
Accessing Bucket List Using Sub-Account
Last updated: 2024-01-06 14:59:34
Overview
Sub-accounts have no permissions to pull a bucket list by default. Therefore, if you log in to the COS console with a sub-account, you cannot access overview data, bucket list, or any other administration items that require permissions.
Sub-accounts can access a bucket list using the following two methods:
Adding an access path: this method applies to scenarios where a sub-account has permissions to operate on objects but no permissions to access a bucket list. The access path can be a Bucket or a Path under the bucket. Please make sure the added path is authorized.
Adding a preset policy: you can add a preset policy QcloudCOSGetServiceAccess with your root account for a sub-account to access a bucket list. This method also allows you to check the statistics overview in the console.
Note:
This feature applies to scenarios where a sub-account accesses a bucket list using the console.
Adding an Access Path
Sub-accounts are not granted the preset policy QcloudCOSGetServiceAccess by default and thus do not have the permission to pull the bucket list. When granted the permissions (e.g., Read or Write) to a bucket by the root account, a sub-account can then access this bucket by adding an access path.
Prerequisites
The sub-account has been granted user permissions on a bucket by the root account. For more information, see Set Access Permission.
Directions
1. Log in to the COS console with a sub-account, enter the Access Path List page, and click Add Access Path.
2. In the Add Access Path pop-up window, select the bucket region and enter the access path, as shown below:
Region: select the region of the bucket to be allowed for access.
Access Path: enter the name of the bucket to be allowed for access (e.g., examplebucket-1250000000) or the path to an object in the bucket (e.g.,
examplebucket-1250000000/doc/exampleobject.txt).3. After confirming that the region and the access path are correct, click OK to add the path to the authorized bucket or an object in it.
4. Click Objects on the right, and you can see the object(s) to which the sub-account has been granted access.
Adding a Preset Policy
A sub-account can access the bucket list by adding the preset policy QcloudCOSGetServiceAccess (i.e., the permission to obtain the bucket list) to it.
Note:
The preset policy QcloudCOSFullAccess or QcloudCOSReadOnlyAccess can also grant a sub-account access permission to the bucket list. However, due to the wide coverage of permissions granted by these two policies, they are not recommended for security reasons.
The collection of statistics in the overview requires the access permission to the bucket list. When the sub-account needs to pull statistics, please make sure that the root account has added the preset policy QcloudCOSGetServiceAccess to it; otherwise, the system will prompt that the sub-account has no access permission to the statistics.
1. Log in to the CAM console with the root account to enter the user list page.
2. Locate the sub-account to which you want to add a policy, and click Grant Permission on the right to enter the Associate Policies page.
3. Search for and add the preset policy QcloudCOSGetServiceAccess (i.e., the permission to access the bucket list in COS) in the policy list.
4. Click OK.
5. Click the sub-account name to enter its details page where you view the added policies. When you no longer need a policy, you can unbind it.
Note:
Now, you have successfully added a preset policy for the sub-account through the root account. Log in to the COS console with the sub-account, and you can check the bucket list and statistics overview.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No