Skip to main content

Creating an S3 user

User authorization is required on all ONTAP object stores in order to restrict connectivity to authorized clients.

An S3-enabled SVM must already exist.

An S3 user can be granted access to any bucket in an SVM but not in multiple SVMs.

When you create an S3 user, an access-key and a secret-key will be generated. They must be shared with the user along with the object store's FQDN and bucket name. S3 users' keys can be displayed with the vserver object-store-server user show command.

You can grant specific access permissions to S3 users in a bucket policy or an object server policy.

Note
When an object store server is created, a root user (UID 0) is created, a privileged user with access all buckets. Rather than administering ONTAP S3 as root user, it is a best practice to create an admin user role with specific privileges.
Create an S3 user: vserver object-store-server user create -vserver svm_name -user user_name [-comment text]