Skip to main content

Create or modify S3 groups

Contributors netapp-aherbin netapp-ahibbard
PDFs

You can simplify bucket access by creating groups of users with appropriate access authorizations.

Before you begin

S3 users in an S3-enabled SVM must already exist.

About this task

Users in an S3 group can be granted access to any bucket in an SVM but not in multiple SVMs. Group access permissions can be configured in two ways:

  • At the bucket level

    After creating a group of S3 users, you specify group permissions in bucket policy statements and they apply only to that bucket.

  • At the SVM level

    After creating a group of S3 users, you specify object server policy names in the group definition. Those policies determine the buckets and access for the group members.

System Manager

  1. Edit the storage VM: click Storage > storage VMs, click the storage VM, click Settings and then click Edit icon under S3.

  2. Add a group: select Groups, then select Add.

  3. Enter a group name and select from a list of users.

  4. You can select an existing group policy or add one now, or you can add a policy later.

CLI

  1. Create an S3 group:
    vserver object-store-server group create -vserver svm_name -name group_name -users user_name\(s\) [-policies policy_names] [-comment text\]
    The -policies option can be omitted in configurations with only one bucket in an object store; the group name can be added to the bucket policy.
    The -policies option can be added later with the vserver object-store-server group modify command after object storage server policies are created.