SCSP Context Sub-Resources

The Gateway creates SCSP context sub-resources to allow the specification of identity management systems, access control policies, and metadata transforms.

These are the sub-resources and the context in which they are applicable when using the Gateway.

| Sub-Resource | Context | Description |
| --- | --- | --- |
| idsys | domain | Identity system definition |
| policy | domain, bucket | Access control policy |
| xform | domain, bucket | Metadata transform |

All storage domain and bucket sub-resources are controlled with one of the policy actions PutPolicy, GetPolicy, or DeletePolicy.

Warning

Permission to read or change these sub-resources for a storage domain must be protected from untrusted users. In deployments where end-users are allowed to manage storage domains, a cluster or tenant administrator normally retains ownership of the storage domain, because an end-user who owns the storage domain is able to read and change the domain's sub-resources.

IDSYS

The IDSYS document sub-resource for a storage domain is manipulated using authenticated SCSP commands through the Gateway. This is accomplished by uploading the JSON document for the IDSYS to the storage domain's IDSYS sub-resource using the HTTP PUT operation.

PUT /?idsys
Content-Type: application/json

{"ldap" : { "ldaphost" : "ldap.example.com", ... }}

The entire JSON document with all fields must be provided when updating the IDSYS sub-resource and the Content-Type: application/json header must be included with the request.

Permission to update the IDSYS document for a domain is granted with the PutPolicy policy action. 

Reading the IDSYS document is controlled with the GetPolicy policy action and uses the HTTP GET operation.

GET /?idsys

An IDSYS is removed using the HTTP DELETE operation and controlled with the DeletePolicy policy action.

DELETE /?idsys
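The request-to-permission mapping on this page, as an added example that is not part of the Gateway documentation: a Python checker that takes a method and request target and reports which sub-resource it touches, in which context, and which policy action gates it, which is useful when reviewing who needs PutPolicy, GetPolicy or DeletePolicy. The function name `classify` is hypothetical, and treating `/<bucket>?policy` as the bucket form is an assumption made by analogy with `/?idsys`.

```python
import json
from urllib.parse import urlsplit, parse_qs

# From the page's table: sub-resource -> contexts where it applies.
CONTEXTS = {"idsys": {"domain"}, "policy": {"domain", "bucket"},
            "xform": {"domain", "bucket"}}
# From the page: HTTP method -> policy action that gates the request.
ACTIONS = {"PUT": "PutPolicy", "GET": "GetPolicy", "DELETE": "DeletePolicy"}


def classify(method, target, headers=None, body=None):
    """Return (sub_resource, context, action) for a sub-resource request.

    Returns None when the target names no context sub-resource and raises
    ValueError for requests that do not fit what the page describes.
    """
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    named = [s for s in CONTEXTS if s in query]
    if not named:
        return None
    if len(named) > 1:
        raise ValueError("more than one sub-resource named")
    sub = named[0]
    # Assumption: "/" addresses the domain and "/<bucket>" a bucket;
    # deeper paths are rejected because the table lists no other context.
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) > 1:
        raise ValueError("sub-resources apply to domains and buckets only")
    context = "bucket" if segments else "domain"
    if context not in CONTEXTS[sub]:
        raise ValueError(f"{sub} is not applicable to a {context}")
    method = method.upper()
    if method not in ACTIONS:
        raise ValueError(f"unsupported method {method}")
    if method == "PUT":
        # The page requires the JSON content type and the whole document.
        lowered = {k.lower(): v for k, v in (headers or {}).items()}
        ctype = lowered.get("content-type", "")
        if ctype.split(";")[0].strip().lower() != "application/json":
            raise ValueError("PUT requires Content-Type: application/json")
        if not isinstance(json.loads(body or ""), dict):
            raise ValueError("PUT body must be a JSON document")
    return sub, context, ACTIONS[method]
```
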

Policy

The Policy document sub-resources for storage domains and buckets are manipulated using authenticated SCSP commands through the Gateway.

Creating a new Policy document or replacing an existing one are both controlled with the PutPolicy action. The entire JSON document with all fields must be provided when updating the policy sub-resource and the Content-Type: application/json header must be included with the request. 

The HTTP PUT operation is used to update a domain Policy:

or a bucket Policy:

Reading a Policy document is controlled by the GetPolicy action. Examples of reading a Policy for a storage domain and a bucket:

Deleting a Policy document is controlled by the DeletePolicy action. Examples of deleting a Policy for a storage domain and a bucket:

XFORM

The metadata transform (XFORM) sub-resources for domains and buckets are manipulated using authenticated SCSP commands through the Gateway.

Creating a new XFORM document or replacing an existing one are both controlled with the PutPolicy action. The entire JSON document with all fields must be provided when updating the xform sub-resource and the Content-Type: application/json header must be included with the request.

The HTTP PUT operation is used to update a domain XFORM:

Or a bucket XFORM:

Reading an XFORM document is controlled by the GetPolicy action. Examples of reading an XFORM for a storage domain and a bucket:

Deleting an XFORM document is controlled by the DeletePolicy action. Examples of deleting an XFORM for a storage domain and a bucket:

 

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.