
Manage bucket permissions

This document describes how to manage permissions in Object Storage.

List of roles

You can view the list of roles currently assigned to the bucket.

  1. Go to KakaoCloud Console > Beyond Storage Service > Object Storage.

  2. In the Standard bucket menu, select the bucket where you want to view roles.

  3. Click the Permission tab, then open the Roles section to view the roles assigned to the bucket.

    Field    Description
    Type     Type of member with assigned role
             - Options: User, Group, Service account, Role group
    Member   Entity receiving the role
    ID       KakaoCloud Console login ID
    Role     Permission granted to the member

Add role

You can add roles for project members to individually grant access to objects.
Currently, permissions can only be configured for a single bucket. Object-level (file/folder) permission settings are not supported.

info

Depending on the role, some operations (e.g., creating a bucket, viewing objects, granting permissions) may be restricted. For details, refer to Roles and permissions.

  1. Go to KakaoCloud Console > Beyond Storage Service > Object Storage.

  2. Select the target bucket in the Standard bucket menu.

  3. Go to the Permission tab > Roles tab, then click [Add role].

  4. Select the type (User account, Role group, Service account), assign a role, and click [Save].


Modify role

You can modify the role of a member. However, if there is only one storage admin, their role cannot be changed.

  1. Go to KakaoCloud Console > Beyond Storage Service > Object Storage.
  2. Select the target bucket.
  3. In the Permission tab, click the [More] icon for the member > Modify role.
  4. In the Modify role popup, enter the information and click [Save].

Delete role

You can remove roles from members who no longer need access.
At least one storage admin must remain to maintain access. Access revocation typically takes about 1 minute but may take longer. While the change is immediately reflected in metadata, the user may still temporarily access objects.

You can delete the role of an individual member.

  1. Go to KakaoCloud Console > Beyond Storage Service > Object Storage.
  2. Select the target bucket.
  3. In the Permission tab, click the [More] icon for the member > Delete role.
  4. In the Delete role popup, review the details and click [Delete].

Configure bucket access settings

Enable public access

You can configure whether the bucket allows public access.

caution

Allowing public access enables external users without permissions to access the bucket. Use with caution.

  1. Go to KakaoCloud Console > Beyond Storage Service > Object Storage.

  2. Select the bucket where you want to allow public access.

  3. In the Permission tab, open the Access-Control tab, then click [Configure access].


    Field          Description
    Public access  External access status of the bucket
  4. In the Configure access popup, select Enable public access (Read Only), enter the required information, and click [Save].


    Field                 Description
    Access permissions    Select access type
                          - Block public access (default): Only authorized users can access the bucket
                          - Enable public access (Read Only): Allows public read-only access
    Allowed IP addresses  Configure IP addresses allowed to access
                          - Up to 10,000 IPs allowed
                          - Up to 63 IPs are displayed in text fields; for more, use CSV download
                          - Duplicate IPs are automatically removed
                          - [Reset] button: Clears all IPs
                          - [Copy] button: Copies all IPs
                          - [CSV download] button: Downloads entered IPs as CSV
                          - [CSV upload] button: Uploads IPs from an Excel file
                            - IPs can be entered one by one or comma-separated
                            - Supported file types: csv / xlsx / xls
  5. In the Review access settings popup, confirm the information and click [OK].
    It may take about 1 minute for the changes to take
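
The allowed-IP constraints listed in step 4 (up to 10,000 entries, duplicates removed, one-by-one or comma-separated input) can be checked before a CSV upload. The Python script below is an added example, not part of KakaoCloud's documentation or tooling; the function names, the one-address-per-line CSV layout, and the decision to hold private, loopback and CIDR entries for review are assumptions.

```python
import ipaddress

MAX_IPS = 10_000  # limit stated on this page
# Assumption: these ranges never appear as an external client's source address,
# so an entry from them is flagged for review instead of being uploaded.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/32")]

def build_allowlist(raw):
    """Parse IPs given one per line or comma-separated; return (accepted, flagged)."""
    accepted, flagged, seen = [], [], set()
    for token in raw.replace("\n", ",").split(","):
        token = token.strip()
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            # Hostnames, typos and CIDR ranges land here (CIDR support is not stated on the page).
            flagged.append((token, "not a single IP address"))
            continue
        if ip.version == 4 and any(ip in net for net in NON_ROUTABLE):
            flagged.append((token, "private or loopback address"))
            continue
        if ip not in seen:  # dedupe locally so the count against MAX_IPS is accurate
            seen.add(ip)
            accepted.append(str(ip))
    if len(accepted) > MAX_IPS:
        raise ValueError(f"{len(accepted)} addresses exceed the limit of {MAX_IPS}")
    return accepted, flagged

def to_csv(accepted):
    """One address per line (assumed layout; the page does not specify the CSV format)."""
    return "".join(ip + "\n" for ip in accepted)

# Constructed sample input using documentation-range addresses.
SAMPLE = """203.0.113.10, 203.0.113.11
198.51.100.7
203.0.113.10
10.0.0.5
198.51.100.0/24
office-gateway
"""

if __name__ == "__main__":
    ok, review = build_allowlist(SAMPLE)
    print(to_csv(ok), end="")
    for token, reason in review:
        print(f"review: {token} ({reason})")
```

Entries reported for review are left out of the CSV, so the list that reaches the console contains only the addresses that were individually validated.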

Configure bucket CORS

For detailed information about bucket CORS settings, refer to Bucket CORS policy.