An S3 tenant account is required before S3 API clients can store and retrieve objects on StorageGRID. Each tenant account has its own account ID, groups and users, and containers and objects.
S3 tenant accounts are created by a StorageGRID grid administrator using the Grid Manager or the Grid Management API. When creating an S3 tenant account, the grid administrator specifies the following information:
- Display name for the tenant (the tenant's account ID is assigned automatically and cannot be changed)
- Whether the use of platform services will be allowed for the account
- Optionally, a storage quota for the tenant account: the maximum number of gigabytes, terabytes, or petabytes available for the tenant's objects. A tenant's storage quota represents a logical amount (object size), not a physical amount (size on disk).
- If single sign-on (SSO) is not in use for the StorageGRID system, whether the tenant account will use its own identity source or share the grid's identity source, and the initial password for the tenant's local root user.
- If SSO is enabled, which federated group has Root Access permission to configure the tenant account.
After an S3 tenant account is created, tenant users can access the Tenant Manager to perform tasks such as the following:
- Setting up identity federation (unless the identity source is shared with the grid), and creating local groups and users
- Managing S3 access keys
- Creating and managing S3 buckets
- Using platform services (if enabled)
- Monitoring storage usage
Attention: S3 tenant users can create and manage S3 buckets with the Tenant Manager, but they must have S3 access keys and use the S3 REST API to ingest and manage objects.