Managing Permissions

Understanding Permissions

VPSA Object Storage provides 2 levels of permissions: Account and Container.

Both permissions types are enforced on account Members only, account Admins will always have all permissions.

Account-level permissions enforce Read (listing) and Write (creating/deleting) option for containers under an account.

Container-level permissions enforce Read (list/download) and Write (upload/delete) options for objects under container.

Default Permissions:

An account is created with default Account-level permissions that allow all account members to list/create/delete containers in the account.

The Account-level permissions can be set after account is created, by Account admin or ZIOS admin.

image57

  • Container is created with default Container-level permissions that allow all account members to list/get/put/delete objects in the container.

The Container-level permissions can be set after container is created, by account admin or ZIOS admin.

image58

Setting Account Permissions (Account Admin)

Account-level permissions are set in Account south panel of the GUI by the account admin.

image59

It can be set globally (apply on ALL account members), or explicitly per member or members list.

When setting permission per member or members list, the global setting is removed.

To set an explicit permission per user:

  • Click on Add button in the permission tab

  • Set the required permissions per user

  • Click the Save button

image60

The global permissions were removed when the member was added:

image61

When setting the global permissions back, the member permissions will be removed.

Use the Save button in the down right corner to set permissions in the south tab.

Setting Container Permissions (Account Admin)

Container-level permissions are set in Container south panel in ZIOS Console by the account admin.

image62

It can be set globally (apply on ALL account members), or explicitly per member or members list.

When setting permission per member or members list, the global setting is removed.

Note

By making a container public (Make Public/Private button) any user can list this container’s objects (using “referral” API) even without permissions for this container.*

To set an explicit permission per user:

  • Select the Container of interest

  • Click on Add button in the permission tab

  • Set the required permissions per member

  • Click the Save button

The global permissions were removed when the member was added:

When setting the global permissions back, the member permissions will be removed.

Use the Save button in the down right corner to set permissions in the south tab.