Re: ACL for user in another teant

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Pritha,

Thanks for the reply. Please find the user list, bucket list and also the
command which I have used.

[root@vishwas-test cluster]# radosgw-admin user list
[
    "tenant2$Jerry",
    "tenant1$Tom"
]

[root@vishwas-test cluster]# radosgw-admin bucket list
[
    "tenant2/jerry-bucket"
]

[root@vishwas-test cluster]# s3cmd info --access_key=HVTKORMH8LLDF76TKQGI
--secret_key=9XFcvgMm4yBncA8D9SguEMVSBsUkhuuRLSbyuUPp s3://jerry-bucket
s3://jerry-bucket/ (bucket):
   Location:  default
   Payer:     BucketOwner
   Expiration Rule: none
   Policy:    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {"AWS": ["arn:aws:iam::tenant1:user/Tom"]},
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": "s3://tenant2/jerry-bucket"
    }
  ]
}
   CORS:      none
   ACL:       Jerry: FULL_CONTROL


When I try to list using Tom access keys, I get below error:
[root@vishwas-test cluster]# s3cmd --access_key=GY40PHWVK40A2G4XQH2D
--secret_key=bKq36rs5t1nZEL3MedAtDY3JCfBoOs1DEou0xfOk ls s3://jerry-bucket

*ERROR: Bucket 'jerry-bucket' does not existERROR: S3 error: 404
(NoSuchBucket)*


*Thanks & Regards,*

*Vishwas *


On Thu, May 14, 2020 at 11:54 AM Pritha Srivastava <prsrivas@xxxxxxxxxx>
wrote:

> Hi Vishwas,
>
> Bucket policy should let you access buckets in another tenant.
> What exact command are you using?
>
> Thanks,
> Pritha
>
> On Thursday, May 14, 2020, Vishwas Bm <bmvishwas@xxxxxxxxx> wrote:
>
>> > Hi,
>> >
>> > I have two users both belong to different tenant.
>> >
>> > Can I give permission for the user in another tenant to access the
>> bucket
>> > using setacl or setPolicy command ?
>> > I tried the setacl command and setpolicy command, but it was not
>> working ?
>> > It used to say bucket not found, when the grantee tried to access.
>> >
>> > Is this supported ?
>> >
>> > *Thanks & Regards,*
>> > *Vishwas *
>> >
>>
>> >
>> _______________________________________________
>> ceph-users mailing list -- ceph-users@xxxxxxx
>> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>>
>>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux