inline On Thu, Mar 24, 2022 at 7:22 AM Basavaraj Kirunge <kirunge@xxxxxxxxx> wrote: > > Thanks Pritha for the inputs, please find the response inline below > > 1. IAM Policy grant across tenant doesn't work. - As far as I understand, user policies are not meant to provide cross account (in our case cross tenant) access. We have bucket policies for that and also STS AssumeRole to provide cross tenant access. > Yes, you right, AssumeRole needs to be used for cross tenant access In RGW, also bucket policy can permit cross-tenant access. > > 2. IAM Policy access control for IAM actions like PutUserPolicy not working - Can you elaborate on this? > When we apply a policy to user that deny IAM actions like PUTUserPolicy/GetUserPolicy it was not working, probably caps user-policy permission is overriding this > > > Regards, > Basavaraj Kirunge > -- Matt Benjamin Red Hat, Inc. 315 West Huron Street, Suite 140A Ann Arbor, Michigan 48103 http://www.redhat.com/en/technologies/storage tel. 734-821-5101 fax. 734-769-8938 cel. 734-216-5309 _______________________________________________ Dev mailing list -- dev@xxxxxxx To unsubscribe send an email to dev-leave@xxxxxxx
