Access control lists

HCP supports access control lists (ACLs) only for containers. An ACL grants specified Keystone authenticated users permissions to perform specific operations within a container. ACLs can also make containers public.

A container ACL grants permissions to perform operations on a container and on all objects in the container. For example, an ACL for a container could grant public read permission for that container. In this case, any authenticated user can retrieve any object in that container. Unauthenticated users may also be granted read access in this case, but only if the HCP tenant administrator has allowed unauthenticated users access to the namespace via namespace protocol settings.

Through HSwift ACLs, you can either grant container permissions to specific Keystone users or make containers public. User ACLs that have been set on a container may be viewed by an authorized user by using the GET or HEAD method on the container. User ACLs are not visible through the Tenant Management Console. If you make a container public, its permissions appear in the Protocol tab of the Namespace page, under the Minimum Data Access Permissions panel on the Tenant Management Console.

You can add an ACL to a container when you create the container or in a separate operation. When you add an ACL to an existing container that already has an ACL, the new ACL replaces the old one in its entirety.
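Because a new ACL replaces the old one, a change that should only add or revoke one grant has to resend every grant that should survive. The following added example (not from the HCP documentation) builds the full replacement ACL from the headers returned by a HEAD on the container; the header names X-Container-Read and X-Container-Write, the `.r:*` public-read element, the `project:user` element form, and all function names are assumptions taken from OpenStack Swift conventions.

```python
# Added example. Assumption: ACLs travel in the OpenStack Swift headers
# X-Container-Read / X-Container-Write as comma-separated elements.
READ_HDR = "X-Container-Read"
WRITE_HDR = "X-Container-Write"
PUBLIC_READ = ".r:*"  # Swift's "any referrer" element (assumed to apply here)

# Constructed sample: headers as returned by a HEAD on the container.
SAMPLE_HEAD = {
    "x-container-read": "projA:alice, projA:bob",
    "X-Container-Write": "projA:alice",
}

def parse_acl(value):
    """Split an ACL header value into ordered, de-duplicated elements."""
    elements = []
    for item in (value or "").split(","):
        item = item.strip()
        if item and item not in elements:
            elements.append(item)
    return elements

def current_acl(head_headers):
    """Read both ACL headers from a HEAD/GET response (names are case-insensitive)."""
    lower = {k.lower(): v for k, v in head_headers.items()}
    return {h: parse_acl(lower.get(h.lower())) for h in (READ_HDR, WRITE_HDR)}

def merged_acl_headers(head_headers, add_read=(), add_write=(), revoke=()):
    """Return the complete replacement ACL: existing grants + additions - revocations.

    Both headers are always emitted so that neither permission set is lost
    when the new ACL replaces the old one.
    """
    acl = current_acl(head_headers)
    out = {}
    for hdr, additions in ((READ_HDR, add_read), (WRITE_HDR, add_write)):
        merged = parse_acl(",".join(acl[hdr] + list(additions)))
        out[hdr] = ",".join(e for e in merged if e not in revoke)
    return out

def is_public_read(head_headers):
    """True if the container's read ACL contains the public-read element."""
    return PUBLIC_READ in current_acl(head_headers)[READ_HDR]

if __name__ == "__main__":
    # Sending only "projB:carol" would drop alice and bob; send the merged set.
    print(merged_acl_headers(SAMPLE_HEAD, add_read=["projB:carol"]))
```

Send the returned headers in the ACL update request, and run `is_public_read` over the HEAD response afterwards to confirm the container was not left public unintentionally.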

Permissions granted by HSwift ACLs apply to the container regardless of the protocol or API used to access the container.

Note: HSwift does not support the configuration of object ACLs although they can be set through other interfaces.

© 2017 Hitachi Data Systems Corporation. All rights reserved.