Create or modify S3 groups
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
You can simplify bucket access by creating groups of users with appropriate access authorizations.
S3 users in an S3-enabled SVM must already exist.
Users in an S3 group can be granted access to any bucket in an SVM but not in multiple SVMs. Group access permissions can be configured in two ways:
-
At the bucket level
After creating a group of S3 users, you specify group permissions in bucket policy statements and they apply only to that bucket.
-
At the SVM level
After creating a group of S3 users, you specify object server policy names in the group definition. Those policies determine the buckets and access for the group members.
-
Edit the storage VM: click Storage > storage VMs, click the storage VM, click Settings and then click under S3.
-
Add a group: select Groups, then select Add.
-
Enter a group name and select from a list of users.
-
You can select an existing group policy or add one now, or you can add a policy later.
-
Create an S3 group:
vserver object-store-server group create -vserver svm_name -name group_name -users user_name\(s\) [-policies policy_names] [-comment text\]
The-policies
option can be omitted in configurations with only one bucket in an object store; the group name can be added to the bucket policy.
The-policies
option can be added later with thevserver object-store-server group modify
command after object storage server policies are created.