Hello,
I have an user with 3 subuser:
{ "user_id": "johndoe",
"display_name": "John Doe",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{ "id": "johndoe:readonly",
"permissions": "read"},
{ "id": "johndoe:swift",
"permissions": "full-control"},
{ "id": "johndoe:wo",
"permissions": "write"}],
"keys": [
{ "user": "johndoe",
"access_key": "xxx",
"secret_key": "xxx}],
"swift_keys": [
{ "user": "johndoe:readonly",
"secret_key": "abcde"},
{ "user": "johndoe:swift",
"secret_key": "fghij"},
{ "user": "johndoe:wo",
"secret_key": "klmno"}],
"caps": []}
If I understand correct johndoe:readonly subuser has no privileges to
create container or upload object. But I can do:
swift -V 1.0 -A http://localhost/auth -U johndoe:readonly -K abcde post
testcontainer
swift -V 1.0 -A http://localhost/auth -U johndoe:readonly -K abcde upload
testcontainer testfile.100
swift -V 1.0 -A http://localhost/auth -U johndoe:readonly -K abcde stat
testcontainer sparse.100
Account: v1
Container: testcontainer
Object: sparse.100
Content Type: binary/octet-stream
Content Length: 5242880
Last Modified: Fri, 23 Aug 2013 12:25:57 GMT
ETag: 5f363e0e58a95f06cbe9bbc662c5dfb6
Meta Mtime: 1372251959.01
.......
Another side, johndoe:wo user (who has write permission only) should not be
able to list containers and objects. But I can do it:
swift -V 1.0 -A http://localhost/auth -U johndoe:wo -K klmno list
testcontainer
sparse.100
Is there anything that I misunderstood?
Thank you,
Mihaly
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
