Hi Marc, I'm not actually certain whether the traditional ACLs permit any solution for that, but I believe with bucket policy, you can achieve precise control within and across tenants, for any set of desired resources (buckets). Matt On Thu, Jan 24, 2019 at 3:18 PM Marc Roos <M.Roos@xxxxxxxxxxxxxxxxx> wrote: > > > It is correct that it is NOT possible for s3 subusers to have different > permissions on folders created by the parent account? > Thus the --access=[ read | write | readwrite | full ] is for everything > the parent has created, and it is not possible to change that for > specific folders/buckets? > > radosgw-admin subuser create --uid='Company$archive' --subuser=testuser > --key-type=s3 > > Thus if archive created this bucket/folder structure. > └── bucket > ├── folder1 > ├── folder2 > └── folder3 > └── folder4 > > It is not possible to allow testuser to only write in folder2? > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com -- Matt Benjamin Red Hat, Inc. 315 West Huron Street, Suite 140A Ann Arbor, Michigan 48103 http://www.redhat.com/en/technologies/storage tel. 734-821-5101 fax. 734-769-8938 cel. 734-216-5309 _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |