...
Type and Administrator Role | Example |
---|---|
CLUSTER: Define who can create tenants and non-tenanted domains. Analogous to the Swarm administrator, except that cluster administrators are defined in an external identity management system. This user or group is specified in the policy.json root Policy configuration file. | This policy.json file defines the cluster administrators group, called ClusterAdmins, and grants it full permissions. The members of the ClusterAdmins group are the cluster administrator users, who are often the same people that maintain the physical infrastructure. |
TENANT: Define who can create domains for the tenant. Owner of the tenant object, as specified by the X-Owner-Meta metadata header. It is common for the tenant administrator to create a Policy document for the tenant that grants permissions for a group of users to act with the same authority as the tenant administrator. | This tenant Policy document grants full access to a group called TenantAdmins whose members come from users within the acme tenant. |
DOMAIN: Define who can create buckets and unnamed objects. Owner of the storage domain, as specified by the X-Owner-Meta metadata header. It is common for the domain administrator, the owner of the storage domain, to create a Policy document for the domain that grants permissions for a group of users to act with the same authority as the domain administrator. | This domain Policy document grants full access to a group called DomainAdmins whose members come from users within the domain. |
BUCKET: Define who can create named objects within the bucket. Owner of the bucket, as specified by the X-Owner-Meta header. The bucket administrator, the owner of the bucket, can attach a Policy document to the bucket that defines the access control policy for the bucket and its contents. | This bucket policy grants any authenticated user full access under Here, all of the objects are contained within the bucket context mybucket. The access control policy matches named objects with the prefixes incoming/ and reports/ within that bucket. |
...