User authorization is required on all ONTAP object stores in order to restrict connectivity to authorized clients.
When you create an S3 user, an access-key and a secret-key will be generated. They must be shared with the user along with the object store's FQDN and bucket name. S3 users' keys can be displayed with the vserver object-store-server user show command.
You can grant specific access permissions to S3 users in a bucket policy or an object server policy.