You can manage permissions for S3 user groups by importing federated groups or creating local groups.
If you selected... | Enter... |
---|---|
Local | Both a display name and a unique name for this group. You can edit the display name later. |
Federated | The unique name of the federated group. Note: For Active Directory, the unique name is the name associated with the sAMAccountName attribute. For OpenLDAP, the unique name is the name associated with the uid attribute. |
Tenant management permissions.
Option | Description |
---|---|
No S3 Access | Default. Users in this group do not have access to S3 resources, unless access is granted with a bucket policy. If you select this option, only the root user will have access to S3 resources by default. |
Read Only Access | Users in this group have read-only access to S3 resources. For example, users in this group can list objects and read object data, metadata, and tags. When you select this option, the JSON string for a read-only group policy appears in the text box. You cannot edit this string. |
Full Access | Users in this group have full access to S3 resources, including buckets. When you select this option, the JSON string for a full-access group policy appears in the text box. You cannot edit this string. |
Custom | Users in the group are granted the permissions you specify in the text box. See the instructions for implementing an S3 client application for detailed information about group policies, including language syntax and examples. |
New group policies might take up to 15 minutes to take effect because of caching.
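
The following is an added example, not part of this documentation: a check to run on a Custom group policy before pasting it into the text box, flagging Allow statements that grant more than read-only access. It assumes the AWS-style policy grammar (Statement, Effect, Action, Resource), which this page does not show; the bucket name, Sid values, and the prefix-based read-only heuristic are constructed for illustration.

```python
import json

# Assumption: AWS-style grammar (Statement / Effect / Action / Resource).
# "Read-only" mirrors the page's description: list objects, read object
# data, metadata and tags. The prefix match is a heuristic, not a spec.
READ_ONLY_PREFIXES = ("s3:get", "s3:list")
ALL_RESOURCES = {"*", "arn:aws:s3:::*"}


def as_list(value):
    """Policy fields may hold one item or a list of items."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_group_policy(policy_text):
    """Return findings for Allow statements broader than read-only access."""
    policy = json.loads(policy_text)  # malformed JSON raises ValueError
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            findings.append((label, "NotAction allows every action not listed"))
        writes = [a for a in as_list(stmt.get("Action"))
                  if not a.lower().startswith(READ_ONLY_PREFIXES)]
        for action in writes:
            findings.append((label, f"grants more than read-only: {action}"))
        if writes and ALL_RESOURCES & set(as_list(stmt.get("Resource"))):
            findings.append((label, "non-read action applies to all buckets"))
    return findings


# Constructed sample policies (bucket name and Sids are hypothetical).
SCOPED = """{"Statement": [{"Sid": "ReadReports", "Effect": "Allow",
  "Action": ["s3:ListBucket", "s3:GetObject", "s3:GetObjectTagging"],
  "Resource": ["arn:aws:s3:::example-reports",
               "arn:aws:s3:::example-reports/*"]}]}"""
BROAD = """{"Statement": [{"Sid": "Everything", "Effect": "Allow",
  "Action": "s3:*", "Resource": "arn:aws:s3:::*"}]}"""

if __name__ == "__main__":
    for name, text in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, audit_group_policy(text) or "no findings")
```

Because new group policies might take up to 15 minutes to take effect, a check like this before saving is quicker than testing the group's access afterwards.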