Creating groups for a Swift tenant

You can manage access permissions for a Swift tenant account by creating local groups or by importing federated groups. At least one group must have the Administrator permission, which is required to manage the containers and objects for a Swift tenant account.

Before you begin

Steps

  1. Select Access Control > Groups.

    screenshot showing the Access Control > Groups page
  2. Click Add.
  3. Select Local to create a local group, or select Federated to import a group from the previously configured identity source.
  4. Enter the group's name.
    If you selected... Enter...
    Local Both a display name and a unique name for this group. You can edit the display name later.
    Federated The unique name of the federated group.
    Note: For Active Directory, the unique name is the name associated with the sAMAccountName attribute. For OpenLDAP, the unique name is the name associated with the uid attribute.
  5. In the Management Permissions section, select Root Access if you want users in this group to be able to sign in to the Tenant Manager or the Tenant Management API.
    Attention: Users who do not have the Root Access permission receive an error if they try to sign in to the tenant account.
    screenshot showing Forbidden warning if Swift user signs in without Root Access permission
  6. In the Swift Permissions section, select Administrator if you want users in this group to be able to use the Swift REST API to create and manage Swift containers and objects.

    screenshot showing Administrator permission selected for Swift REST API group
    Attention: Users must have the Administrator permission to perform operations with the Swift REST API. The tenant account's root user does not have permission to use the Swift REST API.
  7. Click Save.

    New group policies might take up to 15 minutes to take effect because of caching.