Hi,
I'm new to bucket policies. I'm trying to create a sub-user that has
only read-only access to all the buckets of the main user. I created
the policy below. I can't create or delete files, but I can still
create buckets using "rclone mkdir". Any idea what I'm doing wrong?
I'm using Ceph Quincy.

radosgw-admin subuser create --uid=main_user --subuser=eosn_read --access=read
radosgw-admin key create --subuser=main_user:sub_user --key-type=s3 --access-key xxxx --secret-key xxxx
s3cmd setpolicy policy.txt s3://somebucket

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::user/main_user:sub_user"
        ]
      },
      "Action": [
        "s3:ListBucket",
        "s3:ListAllMyBuckets",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetObjectTagging",
        "s3:GetObjectRetention",
        "s3:GetObjectLegalHold"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx