Help & DocumentationCloud Access ManagementBusiness Use CaseCOS-related CasesAuthorizing Sub-account Full Access to Specific Directory

Authorizing Sub-account Full Access to Specific Directory

Last updated: 2019-12-04 10:36:28

PDF

A sub-account Developer under the enterprise account CompanyExample (ownerUin is 12345678 and appId is 1250000000) requires full access to the directory dir1 of the Bucket1 of the COS service in Shanghai region under the enterprise account CompanyExample.

Solution A:

Step 1: Create the following policy using policy syntax

{
    "version": "2.0",
    "statement":[
     {
         "effect": "allow",
         "action": "cos:*",
         "resource": ["qcs::cos:ap-shanghai:uid/1250000000:Bucket1-1250000000/dir1/*",
                    "qcs::cos:ap-shanghai:uid/1250000000:Bucket1-1250000000/dir1"]
     }
   ]
}

Step 2: Authorize the policy to the sub-account. For more information on authorization, please see Authorization Management.

Solution B:

Configure Policy and ACL via the COS console. For more information, please see the COS document.