Controlling storage and system access

Using storage tenant accounts, you can specify who can store and retrieve objects. Using administration user accounts and groups, you control access to the features and functionality of the StorageGRID system.

Controlling storage access

A tenant account allows you to specify who can use your StorageGRID system to store and retrieve objects, and which functionality is available to them. Tenant accounts allow client applications that use the Simple Storage Service (S3) REST API or the Swift REST API to store and retrieve objects on StorageGRID. Each tenant account supports the use of a single protocol, which you specify when you create the account.

You create, edit, or delete tenant accounts using the Grid Manager. After a tenant account is created, tenant users can access the Tenant Manager to perform tasks such as the following:

Controlling system access

You determine who can access the Grid Manager, the Tenant Manager, the Grid Management API, and the Tenant Management API by importing groups and users from an identity federation service or by setting up local groups and local users.

You determine which StorageGRID tasks users can perform by assigning permissions to each group. Users must belong to a group to be granted access to the system. For example, you might want users in one admin group to be able to manage ILM rules and users in another admin group to perform maintenance tasks.

Optionally, you can enable single sign-on (SSO) for your entire StorageGRID system if you want all StorageGRID users to be authenticated by an external identity provider such as Active Directory Federation Services.