Bucket ACLs

Overview

Access Control List (ACL) on vStorage is a feature that allows you to manage access to buckets and objects within buckets. ACLs provide basic access levels that you can set for other Root user accounts on vStorage. Here is a basic guide to using ACLs:

1. Log in to https://vstorage.console.vngcloud.vn .

2. Select the icon in the project containing the bucket you want to grant permissions to.

3. If you want to delegate bucket permissions to a Root User Account or another IAM User Account or Service Account , you need to know the vStorage User ID of the user you want to delegate permissions to:

   1. For Root User Account : you can get vStorage User ID information right on the project information page as shown below.

b. For IAM User Account and Service Account : you can get vStorage User ID information in Identity and Access Management

1. Continue to select the Bucket you want to perform ACLs setup.

2. Select the Action icon and select Set ACLs.

4. Here, you can select user sets and corresponding access rights. Specifically:

• User sets in ACL: ACL allows setting access rights for the following types of users:

  • Bucket owner : The owner of the bucket.

  • Everyone (Public Access) : All users, any user can access the resource without being authenticated.

  • Authenticated users: All users on the vStorage HCM04 system.

  • Other accounts : Only users with specific vStorage User IDs are allowed to access the resources. You can view vStorage User ID information by following the instructions here.

• Permissions that can be granted:

• In addition, the ReadBucketACL, WriteBucketACL, ReadObjectACL, WriteObjectACL permissions: Allow users to view information/update the ACLs configuration of the bucket or object.

5. Select Update to save the configuration set for ACLs.

Example

Example 1: Grant ListObject permission to everyone (Public-Read)

• Select Everyone (public access) in the Access control list section .

• Select the List action to grant permission to list objects in the bucket to all users.

• Select Save .

Example 2: Grant FULL_CONTROL permission to another vStorage account

Attention:

• To grant access to resources to another vStorage account, you need to know the vStorage User ID of the user you want to share access to. You can view the vStorage User ID information by following the instructions here.

• In Other accounts , enter the vStorage User ID of the account to which you want to grant permissions.

• Select the List, Write action to grant permission to list objects in the bucket and upload objects to this bucket.

• Select Save .

• As shown above, I have assigned the above working permission bucket001 to the user vngclouddemo-123456. Now, the user vngclouddemo-123456can use the feature Add external bucketto add this shared bucket to your bucket list: