CodexBloom - Programming Q&A Platform

OCI Object Storage: Unexpected Permissions scenarios When Accessing Pre-Signed URLs

๐Ÿ‘€ Views: 12 ๐Ÿ’ฌ Answers: 1 ๐Ÿ“… Created: 2025-07-15
oci object-storage presigned-url Python

This might be a silly question, but After trying multiple solutions online, I still can't figure this out... I'm working with an scenario with accessing pre-signed URLs for objects stored in OCI Object Storage. I've generated a pre-signed URL using the SDK, but when I try to access the URL in my browser, I receive a `403 Forbidden` behavior. Hereโ€™s the code snippet I'm using to generate the pre-signed URL: ```python import oci config = oci.config.from_file() object_storage_client = oci.object_storage.ObjectStorageClient(config) namespace = object_storage_client.get_namespace().data bucket_name = 'my_bucket' object_name = 'my_file.txt' # Generate pre-signed URL url = object_storage_client.generate_presigned_url( object_storage_client.get_object, namespace_name=namespace, bucket_name=bucket_name, object_name=object_name, expiration_seconds=3600 ) print(url) ``` Upon generating the URL, it appears valid, but when accessed, it leads to `403 Forbidden`. The object is set to private, and I have confirmed that the user whose credentials are used to generate the pre-signed URL has the necessary permissions (specifically `objectstorage.objects.get`). Iโ€™ve checked the IAM policies, and they seem to allow this user to access the bucket. Additionally, I verified the object is indeed in the specified bucket and the name is correct. I also tried regenerating the pre-signed URL after altering the objectโ€™s ACL to public, and it works, which indicates that the URL generation is functioning as expected. However, reverting the object access to private leads to the same permission behavior. Is there something specific I might be overlooking regarding permissions or configuration when generating pre-signed URLs for private objects? Any insights would be greatly appreciated! For context: I'm using Python on macOS. What am I doing wrong? This is part of a larger service I'm building. What's the best practice here? Is there a better approach? I recently upgraded to Python latest.