You can set access permissions of folders in the COS Console, so that specified users can perform specified operations on the contents of the folders. You are recommended to follow the principle of least privilege when configuring permissions to protect your data assets.
COS stores objects in a flat structure with no traditional folder concept. In order to make COS customary, we turn an object into a "folder" by suffixing it with
/in its key. In fact, a "folder" in COS is an object with a storage capacity of 0 KB.
The folder permission is essentially an access permission at the object level, which takes precedence over the bucket access permission. COS supports the following two types of object permissions:
|Permission Type||Configuration Item||Description|
|Public permissions||Inherited permissions||Same as the bucket permission by default.|
|Private read/write||Only the root account can read/write, while non-root accounts (sub-accounts, other users' root accounts, or anonymous users) cannot access this folder.|
|Public read/private write||The root account can read/write, while non-root accounts (sub-accounts, other users' root accounts, or anonymous users) can only read the contents of the folder but not write new data into it.|
|Public read/write||Both the root account and non-root accounts (sub-accounts, other users' root accounts, or anonymous users) can read/write.|
|User permissions||User type||A root account refers to the root account ID of other user accounts, while a sub-account refers to the sub-account under the currently used root account.
If you want sub-accounts under another root account to have access permissions, you must grant access permissions to that root accounts first, so that it can grant access permissions to its own sub-accounts.
|Data read||Permission to read data.|
|Data write||Permission to write data.|
|Permission read||Permission to read folder permission configuration. If this permission is granted, authorized users can get details of folder permission configuration.|
|Permission write||Permission to modify folder permission configuration. If this permission is granted, authorized users can modify the details of folder permission configuration.This configuration will cause permission change. Please select it with caution.|
|Full access||Including four permissions: data read, data write, permission read, and permission write. This configuration grants a wide range of permissions. Please select it with caution.|