Gateway Access Control Policies

The Content Gateway provides a rich access control mechanism that allows for coarse to fine-grained control over user access to content within a storage domain and administrative actions within the management API. Access control is defined within Policy documents that may specify permissions on specific objects when necessary. Access control Policy documents are stored in the following locations:

  • Root Policy file

  • Tenant Policy sub-resource

  • Storage domain Policy sub-resource

  • Bucket Policy sub-resource

The root Policy document is stored in a JSON file:


This file must be kept synchronized between all Gateway servers. Changes to the local file take effect without the need to restart the Gateway. The policy sub-resource for tenants, storage domains, and buckets is kept within the cluster, is shared among all Gateway servers, and is accessed through the management API or storage API.


The root Policy configuration file must exist and must contain a valid JSON string or be blank. The minimum valid JSON content is "{}".

© DataCore Software Corporation. · · All rights reserved.