在这里插入代码片1,要OSS的bucket 一定要设置成公共只读 ,不要写的权限
对文件写操作需要进行身份验证,可以对文件进行匿名读。
2.增加上传权限
{
“Version”: “1”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“oss:CheckMfdServiceOpen”,
“oss:DescribeExportInfo”,
“oss:DescribeRegions”,
“oss:DescribeServiceLinkedRoleStatus”,
“oss:DoMetaQuery”,
“oss:ExportResult”,
“oss:GetAccessPoint”,
“oss:GetAccessPointConfigForObjectProcess”,
“oss:GetAccessPointForObjectProcess”,
“oss:GetAccessPointPolicy”,
“oss:GetAccessPointPolicyForObjectProcess”,
“oss:GetAccessPointPublicAccessBlock”,
“oss:GetAsyncFetchTask”,
“oss:GetBucketAccessMonitor”,
“oss:GetBucketAcl”,
“oss:GetBucketArchiveDirectRead”,
“oss:GetBucketCacheConfiguration”,
“oss:GetBucketCallbackPolicy”,
“oss:GetBucketCommonHeader”,
“oss:GetBucketCors”,
“oss:GetBucketDataAccelerator”,
“oss:GetBucketDataRedundancyTransition”,
“oss:GetBucketEncryption”,
“oss:GetBucketEventNotification”,
“oss:GetBucketHash”,
“oss:GetBucketHttpsConfig”,
“oss:GetBucketImage”,
“oss:GetBucketInfo”,
“oss:GetBucketInventory”,
“oss:GetBucketLifecycle”,
“oss:GetBucketLocation”,
“oss:GetBucketLogging”,
“oss:GetBucketNotification”,
“oss:GetBucketOverwriteConfig”,
“oss:GetBucketPolicy”,
“oss:GetBucketPolicyStatus”,
“oss:GetBucketPublicAccessBlock”,
“oss:GetBucketQoSInfo”,
“oss:GetBucketReferer”,
“oss:GetBucketReplication”,
“oss:GetBucketReplicationLocation”,
“oss:GetBucketReplicationProgress”,
“oss:GetBucketRequesterQoSInfo”,
“oss:GetBucketRequestPayment”,
“oss:GetBucketResourceGroup”,
“oss:GetBucketResponseHeader”,
“oss:GetBucketStat”,
“oss:GetBucketTagging”,
“oss:GetBucketTransferAcceleration”,
“oss:GetBucketVersioning”,
“oss:GetBucketWebsite”,
“oss:GetBucketWorm”,
“oss:GetCache”,
“oss:GetCnameToken”,
“oss:GetDataLakeCachePrefetchJob”,
“oss:GetDataLakeStorageTransferJob”,
“oss:GetFileDetectReport”,
“oss:GetImageSceneLabelListConf”,
“oss:GetJobNameList”,
“oss:GetLiveChannel”,
“oss:GetLiveChannelHistory”,
“oss:GetLiveChannelStat”,
“oss:GetMetaQueryStatus”,
“oss:GetObject”,
“oss:GetObjectAcl”,
“oss:GetObjectTagging”,
“oss:GetOssBucketScanStatistic”,
“oss:GetOssCheckResultDetail”,
“oss:GetOssCheckStatus”,
“oss:GetOssScanConfig”,
“oss:GetPublicAccessBlock”,
“oss:GetReservedCapacity”,
“oss:GetResourcePoolInfo”,
“oss:GetResourcePoolRequesterQoSInfo”,
“oss:GetScanNum”,
“oss:GetSddpDefaultTask”,
“oss:GetStatusList”,
“oss:GetStockOssCheckTasksList”,
“oss:GetStyle”,
“oss:GetSwitchRegionDetail”,
“oss:GetUserAntiDDosInfo”,
“oss:GetUserDefinedLogFieldsConfig”,
“oss:GetUserQoSInfo”,
“oss:GetVirtualBucket”,
“oss:GetVodPlaylist”,
“oss:HeadBucket”,
“oss:ListBucketDataRedundancyTransition”,
“oss:ListLiveChannel”,
“oss:ListObjectScanEvent”,
“oss:ListOssBucket”,
“oss:ListOssBucketScanInfo”,
“oss:ListSddpFileCategorys”,
“oss:ListSddpObjects”,
“oss:ListSddpRegions”,
“oss:ListSddpTemplateAllRules”,
“oss:ListSupportObjectSuffix”,
“oss:ListVirtualBucket”,
“oss:OssCheckResultList”,
“oss:PutBucketAcl”,
“oss:PutObject”
],
“Resource”: “*”
}
]
}
3.增加删除权限
{
“Version”: “1”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“oss:DeleteObject”,
“oss:DeleteObjectVersion”,
“oss:DeleteObjectTagging”,
“oss:DeleteObjectVersionTagging”
],
“Resource”: [
“acs:oss:::bucket1/test/images/vehicleAAA/",
"acs:oss:::bucket1/dev/images/vehicleAAA/”,
“acs:oss:::bucket1/prod/images/vehicleAAA/",
"acs:oss:::bucket02/test/images/vehicleAAA/”,
“acs:oss:::bucket02/dev/images/vehicleAAA/",
"acs:oss:::bucket02/prod/images/vehicleAAA/”,
“acs:oss:::bucket02/test/images/ddfile/",
"acs:oss:::bucket02/dev/images/ddfile/”,
“acs:oss:::bucket02/prod/images/ddfile/"
]
},
{
“Effect”: “Allow”,
“Action”: “oss:ListObjects”,
“Resource”: "acs:oss:::bucket1",
“Condition”: {
“StringLike”: {
“oss:Prefix”: [
"test/images/vehicleAAA/”,
“test/images/ddfile/",
"prod/images/vehicleAAA/”,
“prodt/images/ddfile/",
"dev/images/vehicleAAA/”,
“dev/images/ddfile/"
]
}
}
},
{
“Effect”: “Allow”,
“Action”: “oss:ListObjects”,
“Resource”: "acs:oss:::bucket02",
“Condition”: {
“StringLike”: {
“oss:Prefix”: [
"test/images/vehicleAAA/”,
“test/images/ddfile/",
"prod/images/vehicleAAA/”,
“prodt/images/ddfile/",
"dev/images/vehicleAAA/”,
“dev/images/ddfile/*”
]
}
}
}
]
}
