Setting S3 bucket policies with multi-tenants

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I'm running Ceph Quincy (17.2.6) with a rados-gateway. I have muti tenants,
for example:

   - Tenant1$manager
   - Tenant1$readwrite

I would like to set a policy on a bucket (backups for example) owned by
*Tenant1$manager* to allow *Tenant1$readwrite* access to that bucket. I
can't find any documentation that discusses this scenario.

Does anyone know how to specify the Principle and Resource section of a
policy.json file? Or any other configuration that I might be missing?

I've tried some variations on Principal and Resource including and
excluding tenant information, but not no luck yet.

For example:
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam:::user/*Tenant1$readwrite*"]},
    "Action": ["s3:ListBucket","s3:GetObject", ,"s3:PutObject"],
    "Resource": [

I'm using s3cmd for testing, so:
s3cmd --config s3cfg.manager setpolicy policy.json s3://backups/
s3://backups/: Policy updated

And then testing:
s3cmd --config s3cfg.readwrite ls s3://backups/
ERROR: Access to bucket 'backups' was denied
ERROR: S3 error: 403 (AccessDenied)

ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux