Re: Radosgw s3 subuser permissions

"Marc Roos" <M.Roos@xxxxxxxxxxxxxxxxx> · Sun, 27 Jan 2019 12:52:03 +0100

I tried with these, but didn't get any results

"arn:aws:iam::Company:user/testuser:testsubuser"
"arn:aws:iam::Company:subuser/testuser:testsubuser"

-----Original Message-----
From: Adam C. Emerson [mailto:aemerson@xxxxxxxxxx] 
Sent: vrijdag 25 januari 2019 16:40
To: The Exoteric Order of the Squid Cybernetic
Subject: Re:  Radosgw s3 subuser permissions

On 24/01/2019, Marc Roos wrote:
>
>
> This should do it sort of.
>
> {
>   "Id": "Policy1548367105316",
>   "Version": "2012-10-17",
>   "Statement": [
>     {
>       "Sid": "Stmt1548367099807",
>       "Effect": "Allow",
>       "Action": "s3:ListBucket",
>       "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" },
>       "Resource": "arn:aws:s3:::archive"
>     },
>     {
>       "Sid": "Stmt1548369229354",
>       "Effect": "Allow",
>       "Action": [
>         "s3:GetObject",
>         "s3:PutObject",
>         "s3:ListBucket"
>       ],
>       "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" },
>       "Resource": "arn:aws:s3:::archive/folder2/*"
>     }
>   ]
> }

Does this work well for sub-users? I hadn't worked on them as we were 
focusing on the tenant/user case, but if someone's been using policy 
with sub-users, I'd like to hear their experience and any problems they 
run into.

-- 
Senior Software Engineer           Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson@OFTC, Actinic@Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C  7C12 80F7 544B 90ED BFB9 
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com