Tenant management permissions are assigned to groups and determine which tasks users can perform using the Tenant Manager or the Tenant Management API. A user can belong to one or more groups.
To sign in to the Tenant Manager or to use the Tenant Management API, users must belong to a group that has at least one permission. All users who can sign in can perform the following tasks:
You can assign the following permissions to a group. Note that S3 tenants and Swift tenants have different group permissions. Changes might take up to 15 minutes to take effect because of caching.
| Permission | Description |
|---|---|
Root Access |
Provides full access to the Tenant Manager and the Tenant Management API. Note: Swift users must have Root Access permission to sign in to the tenant account.
|
Administrator |
Swift tenants only. Provides full access to the Swift containers and objects for this tenant account
Note: Swift users must have the Administrator permission to perform any operations with the Swift REST API.
|
Manage Your Own S3 Credentials |
S3 tenants only. Allows users to create and remove their own S3 access keys. Users who do not have this permission do not see the menu option. |
Manage All Containers |
|
Manage Endpoints |
S3 tenants only. Allows users to use the Tenant Manager or the Tenant Management API to create or edit endpoints, which are used as the destination for StorageGRID Webscale platform services. Users who do not have this permission do not see the menu option. |