A Swift tenant account is required before Swift API clients can store and retrieve objects on StorageGRID. Each tenant account has its own account ID, groups and users, and containers and objects.
Swift tenant accounts are created by a StorageGRID grid administrator using the Grid Manager or the Grid Management API.
When creating a Swift tenant account, the grid administrator specifies the following information:
- Display name for the tenant (the tenant's account ID is assigned automatically and cannot be changed)
- Optionally, a storage quota for the tenant account—the maximum number of gigabytes, terabytes, or petabytes
available for the tenant's objects. A tenant's storage quota represents a logical amount (object size), not a physical amount (size on disk).
- If single sign-on (SSO) is not in use for the StorageGRID system, whether the tenant account will use its own identity source or share the grid's identity source, and the initial password for the tenant's local root user.
- If SSO is enabled, which federated group has Root Access permission to configure the tenant account.
After a Swift tenant account is created, users with the Root Access permission can access the
Tenant Manager to perform tasks such as the following:
- Setting up identity federation (unless the identity source is shared with the grid), and creating local groups and users
- Monitoring storage usage
Attention: Swift users must have the Root Access permission to access the Tenant Manager. However, the Root Access permission does not allow users to authenticate into the Swift REST API to create containers and ingest objects. Users must have the Administrator permission to authenticate into the Swift REST API.