Re: [ceph-users] Radosgw s3 subuser permissions

[Adam C. Emerson]

On 24/01/2019, Marc Roos wrote:
>
>
> This should do it sort of.
>
> {
>   "Id": "Policy1548367105316",
>   "Version": "2012-10-17",
>   "Statement": [
>     {
>       "Sid": "Stmt1548367099807",
>       "Effect": "Allow",
>       "Action": "s3:ListBucket",
>       "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" },
>       "Resource": "arn:aws:s3:::archive"
>     },
>     {
>       "Sid": "Stmt1548369229354",
>       "Effect": "Allow",
>       "Action": [
>         "s3:GetObject",
>         "s3:PutObject",
>         "s3:ListBucket"
>       ],
>       "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" },
>       "Resource": "arn:aws:s3:::archive/folder2/*"
>     }
>   ]
> }


Does this work well for sub-users? I hadn't worked on them as we were
focusing on the tenant/user case, but if someone's been using policy
with sub-users, I'd like to hear their experience and any problems
they run into.

-- 
Senior Software Engineer           Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson@OFTC, Actinic@Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C  7C12 80F7 544B 90ED BFB9
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com