Creating or modifying S3 groups

You can simplify bucket access by creating groups of users with appropriate access authorizations.

S3 users in an S3-enabled SVM must already exist.

Users in an S3 group can be granted access to any bucket in an SVM but not in multiple SVMs. Group access permissions can be configured in two ways:

At the bucket level
After creating a group of S3 users, you specify group permissions in bucket policy statements and they apply only to that bucket.
At the SVM level
After creating a group of S3 users, you specify object server policy names in the group definition. Those policies determine the buckets and access for the group members.

Create an S3 group: vserver object-store-server group create -vserver svm_name -name group_name -users user_name(s) [-policies policy_names] [-comment text]

The -policies option can be omitted in configurations with only one bucket in an object store; the group name can be added to the bucket policy.

The -policies option can be added later with the vserver object-store-server group modify command after object storage server policies are created.

Give documentation feedback