Hi GM, sorry for the late reply. anmyway, you are right. in "quincy" (v17) only the owner of the bucket was allowed to set a notification on the bucket. in "reef" (v18) we fixed that, so that we follow the permissions set on the bucket. you can use the "s3PutBucketNotification" policy on the bucket to give permissions to other users to set notifications on the bucket. Yuval On Tue, Mar 26, 2024 at 4:14 AM Giada Malatesta < giada.malatesta@xxxxxxxxxxxx> wrote: > Hello everyone, > > we are facing a problem regarding the s3 operation put bucket > notification configuration. > > We are using Ceph version 17.2.6. We are trying to configure buckets in > our cluster so that a notification message is sent via amqps protocol > when the content of the bucket change. To do so, we created a local rgw > user with "special" capabilities and we wrote ad hoc policies for this > user (list of all buckets, read access to all buckets and possibility to > add, list and delete bucket configurations). > > The problems regards the configurations of all buckets except the one he > owns, when doing this put bucket notification configuration > cross-account operation we get an access denied error. > > I have the suspect that this problem is related to the version we are > using, because when we were doing tests on another cluster we were using > version 18.2.1 and we did not face this problem. Can you confirm my > hypothesis? > > Thanks, > > GM. > _______________________________________________ > ceph-users mailing list -- ceph-users@xxxxxxx > To unsubscribe send an email to ceph-users-leave@xxxxxxx > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |