Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)
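<p><span><strong>Scenario</strong></span></p>
<p>
A specific directory in an Alibaba Cloud OSS bucket needs to be opened up to testers, for example the static/material/ directory of myBuket.<br>
The testers maintain this directory with the ossbrowser tool.</p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/01c6e6017ff8234545a6ca68d52fafd4.jpg"></p>
<p>
<span><strong>Steps</strong></span></p>
<p>
<strong>Create a user</strong></p>
<p>
Create a new user in RAM access control.</p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/05073669b932bdbd0f132377a89f5016.jpg"></p>
<p>
Create an AccessKey for this user.</p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/d54718cd91be05773116670f8aa0b403.jpg"></p>
<p>
<span><strong>Create a custom permission policy</strong></span></p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/66cf3984c70cf895658a834a985ff2d6.jpg"></p>
<p>
Enter a name and a note, then select "Script configuration" so that the permissions are defined by a policy script you write yourself.</p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/e2293fe403e76736979ea61ba2587c01.jpg"></p>
<p>
The script is as follows:</p>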
<div class="jb51code">
<pre><code>{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "oss:ListObjects",
      "Resource": "acs:oss:*:*:myBuket",
      "Condition": {
        "StringLike": {
          "oss:Delimiter": "/",
          "oss:Prefix": [
            "",
            "static/",
            "static/material/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "oss:*",
      "Resource": [
        "acs:oss:*:*:myBuket/static/material/*"
      ]
    }
  ]
}</code></pre>
</div>
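<p>
This script makes the static/material/ directory under myBuket accessible, with every permission granted on it.<br>
To reach this directory, all of its parent directories must have the ListObjects permission; otherwise the user cannot navigate into it.</p>
<p>
The script is therefore split into two parts, that is, two statements, each with its own Effect:<br>
The first part grants the ListObjects permission on all parent directories of material/.</p>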
<div class="jb51code">
<pre><code>{
  "Effect": "Allow",
  "Action": "oss:ListObjects",
  "Resource": "acs:oss:*:*:myBuket",
  "Condition": {
    "StringLike": {
      "oss:Delimiter": "/",
      "oss:Prefix": [
        "",
        "static/",
        "static/material/*"
      ]
    }
  }
}</code></pre>
</div>
<p>
The second part grants all permissions on material; an Action of "oss:*" means every OSS operation.</p>
<div class="jb51code">
<pre><code>{
  "Effect": "Allow",
  "Action": "oss:*",
  "Resource": [
    "acs:oss:*:*:myBuket/static/material/*"
  ]
}</code></pre>
</div>
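<p>
Added example (not part of the original article, and not Alibaba Cloud's own evaluation logic): a simplified Python model of how the two statements above are matched, showing which ListObjects calls and object operations the policy permits. The region and account ID in <code>BUCKET</code> are constructed values, and treating a condition key that is missing from the request as a non-match is an assumption of this model.</p>

```python
import re

# The policy from this page, embedded verbatim.
POLICY = {
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "oss:ListObjects",
         "Resource": "acs:oss:*:*:myBuket",
         "Condition": {"StringLike": {
             "oss:Delimiter": "/",
             "oss:Prefix": ["", "static/", "static/material/*"]}}},
        {"Effect": "Allow", "Action": "oss:*",
         "Resource": ["acs:oss:*:*:myBuket/static/material/*"]},
    ],
}

def like(pattern, value):
    """Wildcard match: '*' is any run of characters, '?' is one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.S) is not None

def as_list(x):
    return x if isinstance(x, list) else [x]

def condition_ok(cond, ctx):
    # Every key must match (AND); any one of a key's values may match (OR).
    # Assumption of this model: a key missing from the request does not match.
    for key, patterns in cond.get("StringLike", {}).items():
        if key not in ctx or not any(like(p, ctx[key]) for p in as_list(patterns)):
            return False
    return True

def is_allowed(policy, action, resource, ctx=None):
    """True if some Allow statement covers the request (Deny is not modelled)."""
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow"
                and any(like(a, action) for a in as_list(st["Action"]))
                and any(like(r, resource) for r in as_list(st["Resource"]))
                and condition_ok(st.get("Condition", {}), ctx or {})):
            return True
    return False

BUCKET = "acs:oss:cn-hangzhou:1234567890:myBuket"  # constructed region and account id

def can_list(prefix, delimiter="/"):
    ctx = {"oss:Prefix": prefix}
    if delimiter is not None:
        ctx["oss:Delimiter"] = delimiter
    return is_allowed(POLICY, "oss:ListObjects", BUCKET, ctx)
```

<p>
In this model <code>can_list("static/other/")</code> returns <code>False</code>, while <code>is_allowed(POLICY, "oss:DeleteObject", BUCKET + "/static/material/a.png")</code> returns <code>True</code>, because <code>oss:*</code> covers every object operation under that prefix, deletion included.</p>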
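<p>
<span><strong>Attach the permission</strong></span></p>
<p>
When adding permissions to the user, select the policy defined above from the custom policies.</p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/95c89630eaff39a47ed0898c9c46d9c2.jpg"></p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/abe0b78406031a5465d96cf1eed8b04b.jpg"></p>
<p>
<span><strong>Open ossbrowser</strong></span></p>
<p>
Log in with the AccessKeyId and AccessKeySecret created above.<br>
The preset path must be set to the directory configured earlier: oss://myBuket/static/material</p>
<p>
<img title="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" alt="Configuring Alibaba Cloud OSS Access Permissions (RAM Access Control)" src="https://zhuji.jb51.net/uploads/img/202305/c857ccfda1d093343a624d2f1a7ba9e4.jpg"></p>
<p>
Click Log in and you are done.</p>
<p>
Permissions for the OSS API are controlled in the same way.</p>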
<p>
Original article: https://blog.csdn.net/iteye_19045/article/details/107121973</p>