On 24/01/2019, Marc Roos wrote:
>
>
> This should do it sort of.
>
> {
> "Id": "Policy1548367105316",
> "Version": "2012-10-17",
> "Statement": [
> {
> "Sid": "Stmt1548367099807",
> "Effect": "Allow",
> "Action": "s3:ListBucket",
> "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" },
> "Resource": "arn:aws:s3:::archive"
> },
> {
> "Sid": "Stmt1548369229354",
> "Effect": "Allow",
> "Action": [
> "s3:GetObject",
> "s3:PutObject",
> "s3:ListBucket"
> ],
> "Principal": { "AWS": "arn:aws:iam::Company:user/testuser" },
> "Resource": "arn:aws:s3:::archive/folder2/*"
> }
> ]
> }
Does this work well for sub-users? I hadn't worked on them as we were
focusing on the tenant/user case, but if someone's been using policy
with sub-users, I'd like to hear their experience and any problems
they run into.
--
Senior Software Engineer Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson@OFTC, Actinic@Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C 7C12 80F7 544B 90ED BFB9
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
