Managing Permissions¶
Understanding Permissions¶
VPSA Object Storage provides 2 levels of permissions: Account and Container.
Both permissions types are enforced on account Members only, account Admins will always have all permissions.
Account-level permissions enforce Read (listing) and Write (creating/deleting) option for containers under an account.
Container-level permissions enforce Read (list/download) and Write (upload/delete) options for objects under container.
Default Permissions:
An account is created with default Account-level permissions that allow all account members to list/create/delete containers in the account.
The Account-level permissions can be set after account is created, by Account admin or VPSA Object Storage admin.
Container is created with default Container-level permissions that allow all account members to list/get/put/delete objects in the container.
The Container-level permissions can be set after container is created, by account admin or VPSA Object Storage admin.
Setting Account Permissions (Account Admin)¶
Account-level permissions are set in Account south panel of the GUI by the account admin.
It can be set globally (apply on ALL account members), or explicitly per member or members list.
When setting permission per member or members list, the global setting is removed.
To set an explicit permission per user:
Click on Add button in the permission tab
Set the required permissions per user
Click the Save button
The global permissions were removed when the member was added:
When setting the global permissions back, the member permissions will be removed.
Use the Save button in the down right corner to set permissions in the south tab.
Setting Container Permissions (Account Admin)¶
Container-level permissions are set in Container south panel in VPSA Object Storage Console by the account admin.
It can be set globally (apply on ALL account members), or explicitly per member or members list.
When setting permission per member or members list, the global setting is removed.
Note
By making a container public (Make Public/Private button) any user can list this container’s objects (using “referral” API) even without permissions for this container.*
To set an explicit permission per user:
Select the Container of interest
Click on Add button in the permission tab
Set the required permissions per member
Click the Save button
The global permissions were removed when the member was added:
When setting the global permissions back, the member permissions will be removed.
Use the Save button in the down right corner to set permissions in the south tab.