Ask Your Question
0

How could I force different users in the same tenant with different read/write permission on swift container?

asked 2012-10-15 07:38:40 -0500

In my test(Essex)(Swift + Keystone), the different users in the same tenant use the same swift account. But I noticed all the users in the same tenant have the same read/write permission. How could I force different users in the same tenant with different read/write permission on swift container? Example: There is a swift container "Container1" tenant1:user1 has all the read/write permission on Container1 tenant1:user2 only has read permission on Container1 tenant1:user3 can not either read nor write permission on Container1

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2012-10-22 02:14:47 -0500

I noticed the proxy-server.conf-sample of swift(V1.7.4) has following description. It is not in swift V1.4.8.

[filter:keystoneauth]

use = egg:swift#keystoneauth

Operator roles is the role which user would be allowed to manage a

tenant and be able to create container or give ACL to others.

operator_roles = admin, swiftoperator

So I assing tenant1:user1 with the role swftoperator. And aissign tenant1:user2 and tenant1:user3 with the role which not in operator_roles. tenant1:user2 or tenant1:user3 really can not access the "Container1" which tenant1:user1 created. Then tenant1:user1 create acl on "Container1". Finally, tenant1:user2 can read only on "Container1".

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-10-15 07:38:40 -0500

Seen: 57 times

Last updated: Oct 22 '12