: The Exoteric Order of the Squid Cybernetic
Subject: Re: [ceph-users] Radosgw s3 subuser permissions
On 24/01/2019, Marc Roos wrote:
>
>
> This should do it sort of.
>
> {
> "Id": "Policy1548367105316",
> "Version": "2012-10-17",
>
On 24/01/2019, Marc Roos wrote:
>
>
> This should do it sort of.
>
> {
> "Id": "Policy1548367105316",
> "Version": "2012-10-17",
> "Statement": [
> {
> "Sid": "Stmt1548367099807",
> "Effect": "Allow",
> "Action": "s3:ListBucket",
> "Principal": { "AWS":
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Principal": { "AWS": "arn:aws:iam::Company:user/testuser" },
"Resource": "arn:aws:s3:::archive/folder2/*"
Hi Marc,
I'm not actually certain whether the traditional ACLs permit any
solution for that, but I believe with bucket policy, you can achieve
precise control within and across tenants, for any set of desired
resources (buckets).
Matt
On Thu, Jan 24, 2019 at 3:18 PM Marc Roos wrote:
>
>
> It
It is correct that it is NOT possible for s3 subusers to have different
permissions on folders created by the parent account?
Thus the --access=[ read | write | readwrite | full ] is for everything
the parent has created, and it is not possible to change that for
specific folders/buckets?