使用RAM子账号登录控制台

<p class="shortdesc">通过访问控制服务RAM,可以在主账号下创建多个子账号,使用RAM子账号同样可以登录OBS控制台。</p> <section class="section context"><div class="tasklabel"><h2 class="doc-tairway">背景信息</h2></div> <p class="p">平安云的主账户和子帐户都可以通过登录平安云控制台或者以API、SDK的方式访问OBS。主帐户默认拥有所有权限,子帐户需要主帐户授权OBS的不同粒度的权限后,才可以使用OBS服务。</p> <p class="p">例如,一家企业的管理员拥有一个RAM主账号,并且使用RAM主账号创建了一个Bucket,并且存放了一些用于共享的文件。为了便于其他人员,如员工、合作方查看或操作这些文件,可以在主账号下创建子账号,并且授予子账号相应的访问权限。这样,被授权人员就可以使用子账号登录OBS控制台,查看或操作相关文件。</p> <p class="p">当前,RAM系统策略中支持如下授权策略:</p> <ul class="ul" id="loginram__ul_ef4_2mg_lkb"> <li class="li"> OBSReadOnlyAccess:仅可以对Bucket进行只读操作。</li> <li class="li">OBSFullAccess:可以对Bucket进行读、写、删除任何操作。</li> </ul> <p class="p">如果系统策略无法满足实际需求,您可以通过RAM自定义策略进行更细粒度的用户授权。</p> <p class="p">例如,如果希望某个子帐户只能访问bucket1和bucket2中的文件,那么创建的自定义策略样例如下:</p> <pre class="pre codeblock"><code>{ &nbsp;&nbsp; "Statement":[ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "Resource":[ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "pcs:obs:*:<Tenant-id>:bucket/<Bucket1-id>", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "pcs:obs:*:<Tenant-id>:bucket/<Bucket2-id>" &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ], &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "Action":[ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "obs:*", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "payment:ListQueryBalanceForOrder", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "payment:ListAvailableCoupons", &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "payment:ListActivate" &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ], &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "Effect":"Allow" &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp; ], &nbsp;&nbsp; "Version":"1" }</code></pre> <p class="p">关于访问控制详细的操作指南,请参见<a class="xref" href="/ssr/help/manage/ram/index.overview" target="_blank">访问控制RAM</a>。</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd"> 登录<a class="xref" href="/console/ram/overview" target="_blank">访问控制RAM控制台</a>。</span> </li><li class="li step stepexpand"> <span class="ph cmd">在左侧导航栏中单击<span class="ph uicontrol">用户管理</span>。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击页面右上角的<span class="ph uicontrol">创建</span>。</span> <div class="itemgroup info"> <div class="note note note_note"><span class="note__title">说明:</span> 如果您要创建多个子账号,并且具备相同的权限,可以创建群组,实现统一化管理。</div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在弹出的<span class="keyword wintitle">创建用户</span>页面中,填写<span class="ph uicontrol">登录名</span>、<span class="ph uicontrol">显示名称</span>、<span class="ph uicontrol">Email</span>和<span class="ph uicontrol">密码</span>。</span> <div class="itemgroup info"> <img class="image" id="loginram__image_pqh_q4g_lkb" src="https://obs-cn-shanghai.pinganyun.com/pcp-portal/20241001165618-13f778d69c28.png" width="600"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">完成后,单击<span class="ph uicontrol">创建</span>。</span> </li><li class="li step stepexpand"> <span class="ph cmd">创建完成的用户会显示在用户列表中,单击<span class="ph uicontrol">操作</span>列的<span class="ph uicontrol">授权</span>。</span> <div class="itemgroup info"> <img class="image" id="loginram__image_f25_v4g_lkb" src="https://obs-cn-shanghai.pinganyun.com/pcp-portal/20241001165618-1832c808966f.png" width="750"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在弹出的<span class="keyword wintitle">授权</span>页面中,搜索并选择该子账户相应权限,单击<img class="image" id="loginram__image_fcb_bpg_lkb" src="https://obs-cn-shanghai.pinganyun.com/pcp-portal/20241001165618-1c1ec4419585.png">添加权限。</span> <div class="itemgroup info"> <img class="image" id="loginram__image_lrp_cpg_lkb" src="https://obs-cn-shanghai.pinganyun.com/pcp-portal/20241001165618-1830758f949b.png"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">添加完成后,单击<span class="ph uicontrol">确定</span>。</span> </li><li class="li step stepexpand"> <span class="ph cmd">使用RAM子账号登录<a class="xref" href="/console/obs/bucket/list" target="_blank">对象存储OBS控制台</a>。</span> </li></ol></section>
以上内容是否解决了您的问题?
请补全提交信息!
咨询·建议

电话咨询

400-151-8800

邮件咨询

cloud@pingan.com

在线客服

工单支持

解决云产品相关技术问题