Help & DocumentationCloud Access ManagementBusiness Use CaseCOS-related CasesAuthorizing Sub-account Read-only Access to Files in Specific Directory

Authorizing Sub-account Read-only Access to Files in Specific Directory

Last updated: 2019-12-04 10:39:01

PDF

A sub-account Developer under the enterprise account CompanyExample (ownerUin is 12345678 and appId is 1250000000) requires read permission of files in the Bucket1's directory dir1 of the COS service in Shanghai region under the enterprise account CompanyExample.

Solution A:

Step 1: Create the following policy using policy syntax

 {
    "version": "2.0",
    "statement":[
     {
         "effect": "allow",
         "action":  [
                    "cos:List*",
                    "cos:Get*",
                    "cos:Head*",
                    "cos:OptionsObject"
                ],
         "resource": "qcs::cos:ap-shanghai:uid/1250000000:Bucket1-1250000000/dir1/*"
     }
   ]
}

Step 2: Authorize the policy to the sub-account. For more information on authorization, please see Authorization Management.

Solution B:

Configure Policy and ACL via the COS console. For more information, please see the COS document.