Thanks for the reponse. Will try this ourt if I need these finer grade access
controls.
--
Mark Selby
Sr Linux Administrator, The Voleon Group
mse...@voleon.com
This email is subject to important conditions and disclosures that are listed
on this web page:
“A role always provides access to resources in the tenant in which it is
created.” – This is the secret sauce ingredient I was missing.
Thanks for taking the time out to respond. The big point that I was not seeing,
because of tunnel visions, is that mostly all of the STS resources: oidc
Alternatively, if you want to restrict access to s3 resources for different
groups of users, then you can do so by creating a role in a tenant, and
then create s3 resources and attach tags to them and then use ABAC/ tags to
allow a user to access a particular resource (bucket/ object). Details
Hi Mark,
On Wed, Mar 9, 2022 at 6:57 AM Mark Selby wrote:
> I am not sure that what I would like to do is even possible. I was hoping
> there is someone out there who could chime in on this.
>
>
>
> We use Ceph RBD and Ceph FS somewhat extensively and are starting on our
> RGW journey.
>
>
>
>