Cloud Access Management
- Product Introduction
- Getting Started
- User Guide
- Users
- Sub-Users
- Sub-User Security Credentials
- Collaborators
- Collaborator Security Credentials
- Message Recipients
- User Settings
- User Groups
- Role
- Identity Provider
- User-Based SSO
- Role-Based SSO
- Policies
- Definition
- Authorization Guide
- Syntax Logic
- Element Reference
- CAM-Enabled Role
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Compute
- Edge Computing
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- Database SaaS Tool
- CDN and Acceleration
- Network Security
- Endpoint Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- Practical Tutorial
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- CVM
- VPC
- API Documentation
- User APIs
- Role APIs
- Making API Requests
- Identity Provider APIs
- Policy APIs
DocumentationCloud Access ManagementBusiness Use CasesCOSAuthorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
Last updated: 2024-01-23 18:02:53
Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
Last updated: 2024-01-23 18:02:53
The enterprise account, CompanyGranter (ownerUin: 12345678; appID: 1250000000), has an object, Object1, that is located in the dir1 directory of the Bucket1 bucket in the Guangzhou region. The sub-account of another enterprise account, CompanyGrantee (ownerUin: 87654321), requires read/write permission for Object1.
This involves permission propagation.
Step 1: CompanyGrantee creates the following policy according to policy syntax.
{"version": "2.0","statement":[{"effect": "allow","action": "cos:*","resource": "qcs::cos:ap-shanghai:uid/1250000000:Bucket1-1250000000/dir1/Object1"}]}
Step 2: associate the sub-account with the policy. To learn how to associate a policy with a user account, see Authorization Management.
Step 3: the CompanyGranter enterprise account grants CompanyGrantee enterprise account access to Object1 by configuring the policy and ACL in the COS Console. For more information, see COS documentation.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No