Create an S3 user


User authorization is required on all ONTAP object stores in order to restrict connectivity to authorized clients.

What you’ll need

An S3-enabled SVM must already exist.

About this task

An S3 user can be granted access to any bucket in an SVM but not in multiple SVMs.

When you create an S3 user, an access-key and a secret-key will be generated. They must be shared with the user along with the object store’s FQDN and bucket name. S3 users' keys can be displayed with the vserver object-store-server user show command.

You can grant specific access permissions to S3 users in a bucket policy or an object server policy.


When an object store server is created, a root user (UID 0) is also created. This is a privileged user with access to all buckets. Rather than administering ONTAP S3 as the root user, it is a best practice to create an admin user role with specific privileges.

  1. Create an S3 user:

    vserver object-store-server user create -vserver svm_name -user user_name [-comment text]