Creating groups for a Swift tenant

You can manage access permissions for a Swift tenant account by importing federated groups or creating local groups. At least one group must have the Administrator permission, which is required to manage the containers and objects for a Swift tenant account.

Before you begin


  1. Select Access Control > Groups.

    [Screenshot: the Access Control > Groups page]
  2. Click Add.
  3. For the group's type, select Local to create a local group, or select Federated to import a group from the previously configured identity source.
    Attention: If single sign-on (SSO) is enabled for your StorageGRID system, users belonging to local groups will not be able to sign in to the Tenant Manager, although they can use client applications to manage the tenant's resources, based on group permissions.
  4. Enter the group's name.
    If you selected... | Enter...
    Local              | Both a display name and a unique name for this group. You can edit the display name later.
    Federated          | The unique name of the federated group.
    Note: For Active Directory, the unique name is the name associated with the sAMAccountName attribute. For OpenLDAP, the unique name is the name associated with the uid attribute.
  5. In the Management Permissions section, select Root Access if you want users in this group to be able to sign in to Tenant Manager or to the Tenant Management API.
    Attention: Users belonging to groups that do not have the Root Access permission receive an error if they try to sign in to the tenant account.
    [Screenshot: Forbidden warning if a Swift user signs in without the Root Access permission]
  6. In the Swift Permissions section, select Administrator if you want users in this group to be able to use the Swift REST API to create and manage Swift containers and objects.
    Attention: Users must have the Administrator permission to perform operations with the Swift REST API. The Root Access permission does not allow Swift users to use the Swift REST API.

    [Screenshot: Administrator permission selected for a Swift REST API group]
  7. Click Save.

    New group policies might take up to 15 minutes to take effect because of caching.
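
The permission rules in steps 3, 5 and 6 interact, so it helps to review the planned groups before saving them. The following is an added example, not StorageGRID code or its API: the `Group` record, its field names and the sample groups are constructed for illustration, and the checks encode only the rules stated on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:              # hypothetical record, not a StorageGRID API object
    name: str
    kind: str             # "local" or "federated" (step 3)
    root_access: bool     # Management Permissions > Root Access (step 5)
    swift_admin: bool     # Swift Permissions > Administrator (step 6)

def effective_access(group, sso_enabled):
    """Return (can_sign_in_to_tenant_manager, can_use_swift_rest_api)."""
    # Root Access gates sign-in; with SSO enabled, users in local groups
    # cannot sign in to the Tenant Manager regardless of permissions.
    can_sign_in = group.root_access and not (sso_enabled and group.kind == "local")
    # Only Administrator allows Swift REST API operations; Root Access does not.
    return can_sign_in, group.swift_admin

def audit(groups, sso_enabled):
    """Return a list of findings for a tenant's planned group set."""
    findings = []
    if not any(g.swift_admin for g in groups):
        findings.append("tenant: no group has the Swift Administrator permission")
    for g in groups:
        can_sign_in, _ = effective_access(g, sso_enabled)
        if g.root_access and not can_sign_in:
            findings.append(f"{g.name}: Root Access is set, but local-group users "
                            "cannot sign in to the Tenant Manager while SSO is enabled")
        if g.root_access and not g.swift_admin:
            findings.append(f"{g.name}: Root Access without Administrator gives "
                            "no Swift REST API access")
        if not g.root_access and not g.swift_admin:
            findings.append(f"{g.name}: neither Root Access nor Administrator selected")
    return findings

# Constructed sample groups for a tenant with SSO enabled.
GROUPS = [
    Group("swift-ops", "local", root_access=False, swift_admin=True),
    Group("tenant-admins", "local", root_access=True, swift_admin=False),
    Group("auditors", "federated", root_access=True, swift_admin=False),
]

if __name__ == "__main__":
    for g in GROUPS:
        print(g.name, effective_access(g, sso_enabled=True))
    for finding in audit(GROUPS, sso_enabled=True):
        print("FINDING:", finding)
```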