Update, I managed to limit the user privilege by modifying the user's op-mask to read as follows:
```
radosgw-admin user modify --uid=<username> --op-mask=read
```
And to rollback its default privileges:
```
radosgw-admin user modify --uid=<username> --op-mask="read,write,delete"
```
```
radosgw-admin user modify --uid=<username> --op-mask=read
```
And to rollback its default privileges:
```
radosgw-admin user modify --uid=<username> --op-mask="read,write,delete"
```
Kind regards,
Charles Alva
Sent from Gmail Mobile
On Sun, Sep 29, 2019 at 5:00 PM Charles Alva <charlesalva@xxxxxxxxx> wrote:
Hi Cephalopods,I'm in the process of migrating radosgw Erasure Code pool from old cluster to Replica pool on new cluster. To avoid user write new object to old pool, I want to set the radosgw user privilege to read only.Could you guys please share how to limit radosgw user privilege to read only?I could not find any clear explanation and example in the Ceph radosgw-admin docs. Is it by changing the user's caps or op_mask? Or setting the civetweb option to only allow HTTP HEAD and GET methods?Kind regards,
Charles Alva
Sent from Gmail Mobile
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
