Autonomous Transaction Processing

    Pramoda Vyasarao
    Object storage access via Cloud console to business users
    Topic posted June 30, 2019 by Pramoda Vyasarao, tagged Transaction Processing

    Hello,

    Allow group Data_Team to manage objects in compartment ABC where all {target.bucket.name='BucketA', any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}}
     
    With this policy defined, I plan to create business users and assign them to the group Data_Team. Here is my question; I'd appreciate any insights on this.

    Can users of Data_Team (group) use the cloud console UI to upload files to the object storage bucket? Or is it just via APIs / CLI?
    In this use case, business users procure large lists of external data in XLS/CSV files. If we can achieve the above, I'm thinking of allowing business users to upload files to Object storage via a browser, and then developers can access and load them into tables. In the Cloud console UI, Data_Team should just see the Object storage link enabled (no other option).
     
     
    Regards,
    Pramoda 

    Comment

     

    • Pramoda Vyasarao

      To clarify, I am trying to avoid building a custom UI for business users to upload files to Object storage. Hence this question on leveraging the cloud console UI.

    • Kumar Dhanagopal

      Can users of Data_Team (group) use cloud console UI to upload files to the object storage bucket? Or is it just via APIs / CLI?

      Yes, the IAM policies that you define apply to all the interfaces - web console, CLI, API, ...

      In Cloud console UI, Data_Team should just see Object storage link enabled (no other option).

      The users in the Data_Team group will "see" all the other options in the web console, but the only CRUD operations they can perform are those that you define in the IAM policy.

      Btw, it appears that you're trying to use nested conditions. I haven't tried that, and am curious to know whether this is supported. Pls do let me know. Just in case nested conditions aren't supported, then you'll need to write separate statements, one for each of the permission types.
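
Added example, not part of the thread and not Oracle's policy evaluator: a small Python model of the `where` clause that compares the nested `all {..., any {...}}` condition from the question with the two separate statements suggested in the last comment, over constructed sample requests. It models only the condition logic (assumed: each request carries one `target.bucket.name` and one `request.permission`) and says nothing about what the OCI policy parser accepts.

```python
import re

# Tokens: all/any keywords, braces, commas, and name='value' comparisons.
TOKEN = re.compile(r"(all(?=\s*\{)|any(?=\s*\{)|\{|\}|,|[\w.]+\s*=\s*'[^']*')")

def parse(cond):
    """Parse a where-clause body into ('all'|'any', [children]) or (name, value)."""
    tokens = TOKEN.findall(cond)
    if "".join("".join(tokens).split()) != "".join(cond.split()):
        raise ValueError("unrecognised text in condition")
    pos = 0
    def take(expected=None):
        nonlocal pos
        tok = tokens[pos]
        if expected is not None and tok != expected:
            raise ValueError("expected %r, got %r" % (expected, tok))
        pos += 1
        return tok
    def node():
        tok = take()
        if tok not in ("all", "any"):
            name, value = tok.split("=", 1)   # leaf: name='value'
            return (name.strip(), value.strip()[1:-1])
        take("{")
        children = [node()]
        while tokens[pos] == ",":
            take(",")
            children.append(node())
        take("}")
        return (tok, children)
    return node()

def evaluate(tree, request):
    """Evaluate a parsed condition against one request's variables."""
    head, body = tree
    if isinstance(body, list):
        results = [evaluate(child, request) for child in body]
        return all(results) if head == "all" else any(results)
    return request.get(head) == body

def allowed(conditions, request):
    """Statements are additive: any one matching statement grants the request."""
    return any(evaluate(parse(c), request) for c in conditions)

BUCKET = "target.bucket.name='BucketA'"
NESTED = ["all {%s, any {request.permission='OBJECT_CREATE', "
          "request.permission='OBJECT_INSPECT'}}" % BUCKET]
SPLIT = ["all {%s, request.permission='%s'}" % (BUCKET, p)
         for p in ("OBJECT_CREATE", "OBJECT_INSPECT")]

def compare(samples):
    """Return (bucket, permission, nested_result, split_result) per sample."""
    return [(b, p,
             allowed(NESTED, {"target.bucket.name": b, "request.permission": p}),
             allowed(SPLIT, {"target.bucket.name": b, "request.permission": p}))
            for b, p in samples]
```

In this model both forms grant only create and inspect on BucketA; a request with any other permission, or against any other bucket, matches no statement and is refused.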