A tenant account allows clients that use the Simple Storage Service (S3) protocol or the Swift protocol to store and retrieve objects on a StorageGRID Webscale system.
Each tenant account supports the use of a single protocol, which is specified by the grid administrator at the time that the account is created. To store and retrieve objects on a StorageGRID Webscale system with both protocols, you need two tenant accounts: one for Swift containers and objects and one for S3 buckets and objects. Each tenant account has its own unique account ID, Tenant Management Interface, federated or local groups and users, and containers (buckets for S3) and objects.
Optionally, you could choose to have different tenant accounts on a StorageGRID Webscale system to segregate stored objects by different entities. For example, a StorageGRID Webscale system might use multiple tenant accounts in either of these use cases:
- Enterprise use case: If the StorageGRID Webscale system is being used within an enterprise, the grid's object storage might be segregated by the different departments in the organization. For example, there might be tenant accounts for the Marketing department, the Customer Support department, the Human Resources department, and so on.
Note: Using tenant accounts ensures that tenants do not have access to each other's data. However, if you use the S3 client protocol, you can simply use S3 buckets and bucket policies to segregate objects between the departments in an enterprise. You do not need to use tenant accounts. See the S3 (Simple Storage Service) Implementation Guide for more information.
- Service provider use case: If the StorageGRID Webscale system is being used by a service provider, the grid's object storage might be segregated by the different entities that lease the storage. For example, there might be tenant accounts for Company A, Company B, Company C, and so on.
Storage tenant accounts are created by a StorageGRID Webscale grid administrator using the Grid Management Interface (either the user interface or the API). When creating a tenant account, the grid administrator specifies the following information:
- Display name for the tenant account (the tenant's account ID is assigned automatically and cannot be changed)
- Which client protocol will be used by the tenant account (S3 or Swift)
- Whether a tenant account has permission to use platform services with S3 buckets
- Initial password for the tenant account’s root user
- Whether the tenant account uses the identity source that was configured for the grid or its own identity source for identity federation
- Optionally, a storage quota for the tenant account: the maximum number of gigabytes, terabytes, or petabytes available for the tenant's objects
As soon as the tenant account has been created, you can sign in to the Tenant Management Interface to monitor storage usage and to set up identity federation, groups, and users. After users have been set up, S3 client users will also use the Tenant Management Interface to create and manage the access keys needed to store and retrieve objects on the StorageGRID Webscale system.
This guide provides instructions for using the Tenant Management Interface. For information about creating storage tenant accounts, see the Administrator Guide.