Skip to main content

Create groups for a Swift tenant

Contributors

You can manage access permissions for a Swift tenant account by importing federated groups or creating local groups. At least one group must have the Swift Administrator permission, which is required to manage the containers and objects for a Swift tenant account.

Note Support for Swift client applications has been deprecated and will be removed in a future release.
Before you begin

Access the Create group wizard

Steps

As your first step, access the Create group wizard.

  1. Select ACCESS MANAGEMENT > Groups.

  2. Select Create group.

Choose a group type

You can create a local group or import a federated group.

Steps
  1. Select the Local group tab to create a local group, or select the Federated group tab to import a group from the previously configured identity source.

    If single sign-on (SSO) is enabled for your StorageGRID system, users belonging to local groups will not be able to sign in to the Tenant Manager, although they can use client applications to manage the tenant's resources, based on group permissions.

  2. Enter the group's name.

    • Local group: Enter both a display name and a unique name. You can edit the display name later.

    • Federated group: Enter the unique name. For Active Directory, the unique name is the name associated with the sAMAccountName attribute. For OpenLDAP, the unique name is the name associated with the uid attribute.

  3. Select Continue.

Manage group permissions

Group permissions control which tasks users can perform in the Tenant Manager and Tenant Management API.

Steps
  1. For Access mode, select one of the following:

    • Read-write (default): Users can sign in to Tenant Manager and manage the tenant configuration.

    • Read-only: Users can only view settings and features. They can't make any changes or perform any operations in the Tenant Manager or Tenant Management API. Local read-only users can change their own passwords.

      Note If a user belongs to multiple groups and any group is set to Read-only, the user will have read-only access to all selected settings and features.
  2. Select the Root access checkbox if group users need to sign in to the Tenant Manager or Tenant Management API.

  3. Select Continue.

Set Swift group policy

Swift users need administrator permission to authenticate into the Swift REST API to create containers and ingest objects.

  1. Select the Swift administrator checkbox if group users need to use the Swift REST API to manage containers and objects.

  2. If you are creating a local group, select Continue. If you are creating a federated group, select Create group and Finish.

Add users (local groups only)

You can save the group without adding users, or you can optionally add any local users that already exist.

Steps
  1. Optionally, select one or more local users for this group.

    If you have not yet created local users, you can add this group to the user on the Users page. See Manage local users.

  2. Select Create group and Finish.

    The group you created appears in the list of groups.