With the latest update of the Object Storage Service, you can now configure permissions on the Object Storage Service in-depth. From now onwards you can also set fine-grained access rights via the "Custom Policy Designer". It allows you to define permissions on specific "actions". This can be the permission to e.g. "delete objects" or "create lifecycle rules". You can select from a total of 61 actions which can be assigned to your custom policy. Permissions on "actions" can be "granted" as well as explicitly forbidden.
Furthermore, it is possible to limit the access rules to specific resources. This allows you to define different action permissions for different users/user groups on different buckets or objects. The permission policy can be linked to further conditional parameters. Those criteria must first be met before the user is then allowed to perform the corresponding action. For example, permissions can be bound to time periods. This allows you to issue permissions only for certain periods of time, so that they expire at a certain given time.
The "Custom Policy Designer" is available to you via the "Permissions" tab from the IAM Service.
Below you will find the short overview of the update again
Permissions can be
- set up on action level (61 individual actions in total)
- allowed or explicitly forbidden
- assigned to dedicated to buckets or objects
- linked to conditional parameters
Important Note:
The IAM fine-grained access rights are right now only available in DE region.
NL will come in short and we will inform in a separate release note about availability.
Further information can be found in the Open Telekom Cloud help center.
OBS - https://docs.otc.t-systems.com/en-us/obs/index.html
IAM - https://docs.otc.t-systems.com/en-us/iam/index.html
Please feel free to ask questions in our Open Telekom Cloud Community, which is available to you via the following link:
https://community.open-telekom-cloud.com/community/?id=community_home