Help & DocumentationCloud Access ManagementBusiness Use CaseCOS-related CasesAuthorizing Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
Authorizing Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
Last updated: 2019-12-04 10:47:14
PDFA sub-account Developer under the enterprise account CompanyExample (ownerUin is 12345678 and appId is 1250000000) requires read/write permission of all objects (excluding Object1) in the Bucket1's directory dir1 of the COS service in Shanghai region under the enterprise account CompanyExample.
Solution A:
Step 1: Create the following policy using policy syntax
{
"version": "2.0",
"statement":
[
{
"effect": "allow",
"action": "cos:*",
"resource": "qcs::cos:ap-shanghai:uid/1250000000:Bucket1-1250000000/dir1/*"
},
{
"effect": "deny",
"action": "cos:*",
"resource": "qcs::cos:ap-shanghai:uid/1250000000:Bucket1-1250000000/dir1/Object1"
}
]
}Step 2: Authorize the policy to the sub-account. For more information on authorization, please see Authorization Management.
Solution B:
Configure Policy and ACL via the COS console. For more information, please see the COS document.
