Welcome to the OSS Permissions Documentation! This guide explains how to manage access controls and security settings for your Object Storage Service (OSS) resources. Whether you're configuring bucket policies or managing user roles, here's everything you need to know.
🛡️ Access Control Overview
OSS provides granular access control through RAM roles and bucket policies. Key concepts include:
- ACLs (Access Control Lists): Define permissions for individual objects or buckets.
- RAM Policies: Assign permissions to users or groups via Alibaba Cloud's Resource Access Management.
- STS Tokens: Temporarily grant permissions for secure access.
⚠️ Always use RAM roles for long-term access and STS tokens for temporary sessions.
📊 Permission Levels
Here are the standard permission levels in OSS:
| Level | Description | Use Case |
|---|---|---|
| Read-Only | Allows object retrieval | Publicly accessible datasets |
| Write | Enables object uploads | Collaborative file sharing |
| Full Control | Grants complete access rights | Administering OSS resources |
🛑 Best Practices
- Principle of Least Privilege ✅
  Grant only necessary permissions to users or roles.
- Enable Logging 📝
  Monitor access via OSS access logs.
  Learn more about logging
- Use Signed URLs 🔐
  Secure sensitive data with temporary access links.
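To make the least-privilege practice checkable, here is an added example (not part of the original documentation) that audits a RAM policy document and maps each Allow statement onto the permission levels above. The sample policy, the bucket name `example-bucket`, and the choice of `oss:GetObject`/`oss:ListObjects` as the read-only set are assumptions made for illustration.

```python
import json

# Constructed sample RAM policy; "example-bucket" is a placeholder name.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Effect": "Allow", "Action": ["oss:GetObject", "oss:ListObjects"],
     "Resource": ["acs:oss:*:*:example-bucket",
                  "acs:oss:*:*:example-bucket/reports/*"]},
    {"Effect": "Allow", "Action": "oss:*", "Resource": "acs:oss:*:*:*"}
  ]
}
""")

# Assumption for this example: actions counted as read-only.
READ_ACTIONS = {"oss:GetObject", "oss:ListObjects"}

def as_list(value):
    """Action/Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def classify(actions):
    """Map a statement's actions onto the page's three permission levels."""
    if any(a in ("*", "oss:*") for a in actions):
        return "Full Control"
    if all(a in READ_ACTIONS for a in actions):
        return "Read-Only"
    # Anything else (uploads, deletes, prefix wildcards such as oss:Get*)
    # is treated conservatively as at least Write.
    return "Write"

def audit(policy):
    """Return (statement index, level, findings) for each Allow statement."""
    results = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or not actions:
            continue  # Deny and NotAction statements are out of scope here
        level = classify(actions)
        findings = ["wildcard action"] if level == "Full Control" else []
        # A resource of "*" or one ending in ":*" is not limited to one bucket.
        if any(r == "*" or r.endswith(":*") for r in as_list(stmt.get("Resource"))):
            findings.append("resource covers all buckets")
        results.append((i, level, findings))
    return results

if __name__ == "__main__":
    for idx, level, findings in audit(SAMPLE_POLICY):
        print(f"statement {idx}: {level}: {', '.join(findings) or 'ok'}")
```

Statements that come back as Full Control or carry a finding are the ones to narrow before attaching the policy to a user or role.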
🌐 Extend Your Knowledge
For advanced security configurations, check out our Security Best Practices document. Need help with RAM policy creation? Visit the RAM guide for detailed steps.
Let us know if you need further assistance! 🤝