How to configure Swift to allow a user only creation of objects and deny modify/delete?
My case is that I provide a web service which receives and serves files using remote OpenStack Swift storage, and I want that, in case of a credential compromise at the web service level, the person who gains access to those credentials would not be able to alter existing files.
I have created only one user for the web service. I have no problem in using the standard Swift ACL, except that ACLs seem to have only Unix-like permissions: read and write. I was hoping for a little more granular permissions, like delete and modify (in addition to read and write).
Does Swift support richer permissions or is there a way to configure ACL so that for a certain user it allows creation of new objects, but denies deletion and modification of existing objects?
@Mihai I have edited your question to be more precise. Feel free to also add an explanation as to why your use case is not covered by a simple negation of write. You mentioned security, which IMHO is covered by simply removing write access.
@smaffulli You pretty much said it yourself in the edit: I still want my web service to be able to put new objects. That's all I need it to be able to do: put new objects and get existing objects. No updating, no deleting existing ones. Wish the permissions were more Windows-like...