SCSP Context Sub-Resources
The Gateway creates SCSP context sub-resources to allow the specification of identity management systems, access control policies, and metadata transforms.
These are the sub-resources and the context in which they are applicable when using the Gateway.
Sub-Resource | Context | Description |
---|---|---|
idsys | domain | Identity system definition |
policy | domain, bucket | Access control policy |
xform | domain, bucket | Metadata transform |
All storage domain and bucket sub-resources are controlled with one of the policy actions PutPolicy, GetPolicy, or DeletePolicy.
Warning
Permission to read or change these sub-resources for a storage domain must be protected from untrusted users and, in deployments where end-users are allowed to manage storage domains, a cluster or tenant administrator normally retains ownership of the storage domain. An end-user is able to read and change the domain's sub-resources if they own the storage domain.
IDSYS
The IDSYS document sub-resource for a storage domain is manipulated using authenticated SCSP commands through the Gateway. This is accomplished by uploading the JSON document for the IDSYS to the storage domain's IDSYS sub-resource using the HTTP PUT operation.
PUT /?idsys Content-Type: application/json
{"ldap" : {
"ldaphost" : "ldap.example.com", ...
}
The entire JSON document with all fields must be provided when updating the IDSYS sub-resource and the Content-Type: application/json header must be included with the request.
Permission to update the IDSYS document for a domain is granted with the PutPolicy policy action.
Reading the IDSYS document is controlled with the GetPolicy policy action and uses the HTTP GET operation.
GET /?idsys
An IDSYS is removed using the HTTP DELETE operation and controlled with the DeletePolicy policy action.
DELETE /?idsys
Policy
The Policy document sub-resources for storage domains and buckets are manipulated using authenticated SCSP commands through the Gateway.
Creating a new Policy document or replacing an existing one are both controlled with the PutPolicy action. The entire JSON document with all fields must be provided when updating the policy sub-resource and the Content-Type: application/json header must be included with the request.
The HTTP PUT operation is used to update a domain Policy:
or a bucket Policy:
Reading a Policy document is controlled by the GetPolicy action. Examples of reading a Policy for a storage domain and a bucket:
Deleting a Policy document is controlled by the DeletePolicy action. Examples of deleting a Policy for a storage domain and a bucket:
XFORM
The metadata transform (XFORM) sub-resource for domains and buckets are manipulated using authenticated SCSP commands through the Gateway.
Creating a new XFORM document or replacing an existing one are both controlled with the PutPolicy action. The entire JSON document with all fields must be provided when updating the xform sub-resource and the Content-Type: application/json header must be included with the request.
The HTTP PUT operation is used to update a domain XFORM:
Or a bucket XFORM:
Reading an XFORM document is controlled by the GetPolicy action. Examples of reading an XFORM for a storage domain and a bucket:
Deleting an XFORM document is controlled by the DeletePolicy action. Examples of deleting an XFORM for a storage domain and a bucket:
© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.