Tenant management permissions

Tenant management permissions are assigned to groups and determine which tasks users can perform using the Tenant Management Interface or the Tenant Management API. A user can belong to one or more groups.

To sign in to the Tenant Management Interface or to use the Tenant Management API, users must belong to a group that has at least one permission. All users who can sign in can perform the following tasks:

You can assign the following permissions to a group. Note that S3 tenants and Swift tenants have different group permissions.

Permission Description

Root Access

Provides access to all tenant administration features. Allows users to perform these tasks:
  • Configure an identity server
  • Create, edit, and remove groups
  • Create, edit, and remove users
  • Change user passwords
  • S3 tenants: Create and remove S3 access keys for the S3 root user and other S3 users

Administrator

Swift tenants only. Provides full access to data using the Swift protocol.

Manage Your Own S3 Credentials

S3 tenants only. Allows users to create and remove their own S3 access keys. Users who do not have this permission do not see the S3 > My Credentials menu option.

Manage All Containers

  • S3 tenants: Allows users to use the Tenant Management Interface or the Tenant Management API to manage the settings for all S3 buckets in the tenant account, regardless of S3 bucket or group policies.

    Users who do not have this permission do not see the S3 > Buckets menu option.

  • Swift tenants: Allows Swift users to control the consistency level for Swift containers using the Tenant Management API. The Manage All Containers permission can be granted to Swift groups using the Tenant Management API.

Manage Endpoints

S3 tenants only. Allows users to use the Tenant Management Interface or the Tenant Management API to create or edit endpoints, which are used as the destination for StorageGRID Webscale platform services.

Users who do not have this permission do not see the S3 > Endpoints menu option.
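
The following is an added example, not part of the product documentation and not the Tenant Management API schema: it checks group definitions against the rules in the table above. The dictionary layout and the group and user names are constructed, and treating a user's permissions as the union of the permissions of all their groups is an assumption.

```python
# Added example: permission names and rules are taken from the table above.
# The data layout (plain dicts of groups and users) is constructed for illustration.
VALID_FOR = {
    "Root Access": {"s3", "swift"},
    "Administrator": {"swift"},
    "Manage Your Own S3 Credentials": {"s3"},
    "Manage All Containers": {"s3", "swift"},
    "Manage Endpoints": {"s3"},
}

def audit(tenant_type, groups, users):
    """Return (findings, per-user report) for one tenant account ('s3' or 'swift')."""
    findings = []
    for name, perms in sorted(groups.items()):
        for p in sorted(perms):
            if p not in VALID_FOR:
                findings.append(f"group {name}: unknown permission {p!r}")
            elif tenant_type not in VALID_FOR[p]:
                findings.append(f"group {name}: {p!r} does not apply to {tenant_type} tenants")
        if "Root Access" in perms:
            findings.append(f"group {name}: Root Access covers all tenant administration features")
        if tenant_type == "s3" and "Manage All Containers" in perms:
            findings.append(f"group {name}: can change all bucket settings regardless of bucket or group policies")
    report = {}
    for user, member_of in sorted(users.items()):
        # Assumption: effective permissions are the union across the user's groups.
        eff = set().union(*(groups.get(g, set()) for g in member_of))
        report[user] = {"can_sign_in": bool(eff), "permissions": sorted(eff)}
        if not eff:
            findings.append(f"user {user}: no group with a permission, cannot sign in")
    return findings, report

# Constructed sample data for an S3 tenant account.
GROUPS = {
    "storage-admins": {"Root Access"},
    "app-owners": {"Manage Your Own S3 Credentials", "Manage Endpoints"},
    "bucket-ops": {"Manage All Containers", "Administrator"},
    "readers": set(),
}
USERS = {"alice": ["storage-admins"], "bob": ["app-owners", "bucket-ops"], "carol": ["readers"]}

if __name__ == "__main__":
    findings, report = audit("s3", GROUPS, USERS)
    for f in findings:
        print("FINDING:", f)
    for user, row in report.items():
        print(user, row)
```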