Under the corporate account CompanyExample (with ownerUin as 12345678 and appId as 1250000000), there is a sub-account named Developer. This sub-account requires read permissions for the files in the dir1 directory of the Bucket1 storage bucket in the Shanghai region of CompanyExample's COS service.
Solution A:
1. Create a policy through policy syntax.
{"version": "2.0","statement":[{"effect": "allow","action": ["cos:List*","cos:Get*","cos:Head*","cos:OptionsObject"],"resource": "qcs::cos:ap-shanghai:uid/1250000000:Bucket1-1250000000/dir1/*"}]}
2. Grant this policy to the sub-account. For the authorization method, please see Authorization Management.
Solution B:
Setting up Policy and ACL through the COS console. For specifics, please see COS Product Documentation.