Tenant management permissions

Tenant management permissions are assigned to groups and determine which tasks users can perform using the Tenant Manager or the Tenant Management API. A user can belong to one or more groups.

To sign in to the Tenant Manager or to use the Tenant Management API, users must belong to a group that has at least one permission. All users who can sign in can perform the following tasks:

You can assign the following permissions to a group. Note that S3 tenants and Swift tenants have different group permissions. Changes might take up to 15 minutes to take effect because of caching.

Permission Description

Root Access

Provides full access to the Tenant Manager and the Tenant Management API.

Note: Swift users must have Root Access permission to sign in to the tenant account.

Administrator

Swift tenants only. Provides full access to the Swift containers and objects for this tenant account
Note: Swift users must have the Administrator permission to perform any operations with the Swift REST API.

Manage Your Own S3 Credentials

S3 tenants only. Allows users to create and remove their own S3 access keys. Users who do not have this permission do not see the S3 > My Credentials menu option.

Manage All Containers

  • S3 tenants: Allows users to use the Tenant Manager or the Tenant Management API to manage the settings for all S3 buckets in the tenant account, regardless of S3 bucket or group policies.

    Users who do not have this permission do not see the S3 > Buckets menu option.

  • Swift tenants: Allows Swift users to control the consistency level for Swift containers using the Tenant Management API.
    Note: You can only assign the Manage All Containers permission to Swift groups from the Tenant Management API. You cannot assign this permission to Swift groups using the Tenant Manager.

Manage Endpoints

S3 tenants only. Allows users to use the Tenant Manager or the Tenant Management API to create or edit endpoints, which are used as the destination for StorageGRID Webscale platform services.

Users who do not have this permission do not see the S3 > Endpoints menu option.