Policy examples

Sander · ‎2019-09-13

Hi team,

i've been struggling for a while now and the end-result was not satisfying. We got a Netapp StorageGrid environment with several tenants. Now i want to give certain users in a group access to only one bucket in a tenant. They should only see this bucket and have only read-access to this bucket. Other users are allowed to see all other buckets and have r/w access. Now, i'm testing with S3 browser but that's not very successfull, when i modify the org read-only group-policy to the following:

{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets", <---- When i want to see only "testbucket" do i need to remove this?
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:GetObject",
"s3:GetObjectTagging",
"s3:GetObjectVersion",
"s3:GetObjectVersionTagging"
],
"Resource": "arn:aws:s3:::testbucket/*"
}
]
}

So all users in group read-only should only see testbucket and have read-only rights on it's content. Could it be that it's S3-browser that's incompatible?

Anumode · ‎2019-09-15

Please refer to the StorageGRID documentation

Policy examples

Use the examples in this section to build StorageGRID Webscale access policies for buckets and groups

https://docs.netapp.com/sgws-110/index.jsp?topic=%2Fcom.netapp.doc.sg-s3%2FGUID-611AA26F-E29F-4944-BC8C-DADDF5385542.html

Netapp StorageGrid policies

Policy examples

StorageGrid bucket policy variables

Join StorageGrid to BlueXP fail

snaplock policy

Netapp - snapshot policy fro root vols

How to backup StorageGRID itself