I tried with these, but didn't get any results "arn:aws:iam::Company:user/testuser:testsubuser" "arn:aws:iam::Company:subuser/testuser:testsubuser" -----Original Message----- From: Adam C. Emerson [mailto:aemerson@xxxxxxxxxx] Sent: vrijdag 25 januari 2019 16:40 To: The Exoteric Order of the Squid Cybernetic Subject: Re: Radosgw s3 subuser permissions On 24/01/2019, Marc Roos wrote: > > > This should do it sort of. > > { > "Id": "Policy1548367105316", > "Version": "2012-10-17", > "Statement": [ > { > "Sid": "Stmt1548367099807", > "Effect": "Allow", > "Action": "s3:ListBucket", > "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" }, > "Resource": "arn:aws:s3:::archive" > }, > { > "Sid": "Stmt1548369229354", > "Effect": "Allow", > "Action": [ > "s3:GetObject", > "s3:PutObject", > "s3:ListBucket" > ], > "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" }, > "Resource": "arn:aws:s3:::archive/folder2/*" > } > ] > } Does this work well for sub-users? I hadn't worked on them as we were focusing on the tenant/user case, but if someone's been using policy with sub-users, I'd like to hear their experience and any problems they run into. -- Senior Software Engineer Red Hat Storage, Ann Arbor, MI, US IRC: Aemerson@OFTC, Actinic@Freenode 0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C 7C12 80F7 544B 90ED BFB9 _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com