Create or modify S3 groups

Contributors

You can simplify bucket access by creating groups of users with appropriate access authorizations.

What you’ll need

S3 users in an S3-enabled SVM must already exist.

About this task

Users in an S3 group can be granted access to any bucket in an SVM but not in multiple SVMs. Group access permissions can be configured in two ways:

  • At the bucket level

    After creating a group of S3 users, you specify group permissions in bucket policy statements and they apply only to that bucket.

  • At the SVM level

    After creating a group of S3 users, you specify object server policy names in the group definition. Those policies determine the buckets and access for the group members.

Step
  1. Create an S3 group:

    vserver object-store-server group create -vserver svm_name -name group_name -users user_name\(s\) [-policies policy_names] [-comment text\]

    The -policies option can be omitted in configurations with only one bucket in an object store; the group name can be added to the bucket policy.

    The -policies option can be added later with the vserver object-store-server group modify command after object storage server policies are created.