VMware Cloud Director Object Storage Extension 3.1

3.1 3.0
Português (Brasil) 简体中文 Deutsch Español Français Italiano 日本語 한국어 繁體中文 English

Sharing Buckets

You can share one bucket at a time.
To share a bucket, you can use access control lists or bucket policies.
Access control lists allow you to implement fine grained control over your buckets and the objects using the buckets. To share a bucket with an access control list, you edit the access permissions to the bucket by using the built-in canned access control lists, or by creating a custom access control list.
Bucket policies allow you to implement global control over your buckets. They can only be assigned to buckets but not to the objects in the bucket.

Access Control Lists

Use access control lists to manage access to buckets.
You can use access control lists to grant access to buckets. Access control lists define who has access to your buckets and what level of access they have. There are two types of access control lists:
  • Canned access control lists are predefined.
  • Custom access control lists can be modified to your needs.
Before you share a bucket using an access control list, you must verify that you have the required set of rights.
If you are an ...
You can ...
organization administrator
share buckets that users in your organization own.
organization user
share buckets that you own.
  • Alternatively, the owner must assign one of the following sets of permissions for the bucket to your user account.
    • Read of Bucket
      ,
      Write of Bucket
      ,
      Read of ACL
      , and
      Write of ACL
    • Read of Bucket
      ,
      Read of ACL
      , and
      Write of ACL
    • Full Control

Share a Bucket Using a Canned Access Control List

Canned access control lists are predefined, built-in access control lists that you can use to share buckets within your organization or publicly over the Internet.
Setting a canned access control list to a bucket overwrites existing permissions configuration for the bucket.
  1. Log in to the
    VMware Cloud Director tenant portal
    .
  2. In the primary left navigation panel, under
    More
    , select
    Object Storage
    .
  3. In the
    Buckets
     pane, click the name of the bucket that you want to share.
  4. On the
    Permissions
     tab, click
    Set Canned ACL
    .
  5. Select a canned access control list name for the bucket and click
    Set ACL
    .
    Private
    Only the bucket owner and the
    organization administrator
     can access the bucket.
    Public Read
    Grants
    Read
     permissions on the bucket to all users.
    Public Read/Write
    Grants
    Read
     and
    Write
     permissions on the bucket to all users.
    Authenticated Users Read
    Grants
    Read
     permissions to all authenticated
    VMware Cloud Director
     users.
    Tenant Read
    Grants
    Read
     permissions on the bucket to all users within the
    VMware Cloud Director
     organization.
    If you use the
    ECS
     storage platform, this option is not available.
    If you use
    AWS S3
    , this option is not available.
    Tenant Read/Write
    Grants
    Read
     and
    Write
     permissions on the bucket to all users within the
    VMware Cloud Director
     organization.
    If you use
    ECS
     or
    AWS S3
    , this option is not available.
    System Logger
    To write bucket logs,
    VMware Cloud Director Object Storage Extension
     uses the System Logger account. Modifying the permissions of the System Logger account for a logging target bucket might result in failure to write bucket logs. For more information, see Bucket Logs.
    If you use the
    ECS
     storage platform, this option is not available.

Share a Bucket Using a Custom Access Control List

You can share buckets with users in your organization by creating a custom access control list.
The following table describes the available access control list options.
Option
Description
Full Control
Grants
Read
 and
Write
 permissions on the bucket, and
Read
 and
Write
 permissions for the access control list of the bucket.
Read of Bucket
Grants
Read
 permissions on the bucket.
Write of Bucket
Grants
Write
 permissions on the bucket.
Read of ACL
Grants
Read
 permissions on the access control list of the bucket.
Write of ACL
Grants
Write
 permissions on the access control list of the bucket.
  1. Log in to the
    VMware Cloud Director tenant portal
    .
  2. In the primary left navigation panel, under
    More
    , select
    Object Storage
    .
  3. In the
    Buckets
     pane, click the name of the bucket that you want to share.
  4. On the
    Permissions
     tab, click
    Edit
    .
  5. Configure the required set of permissions for the bucket and click
    Save
    .
    • To share the bucket with users from your tenant organization, use the toggle buttons in the
      Tenant Users
       row.
      If you use the
      ECS
       storage platform, this option is not available.
    • To share the bucket with authenticated users from all tenant organizations, use the toggle buttons in the
      Authenticated Users
       row.
    • To share the bucket with all users, use the toggle buttons in the
      Public
       row.
    • To share the bucket with specific users within your organization, click the
      Add User
       button, select the user, and use the toggle buttons in the corresponding row.
    • To write bucket logs,
      VMware Cloud Director Object Storage Extension
       uses the System Logger account. Modifying the permissions of the System Logger account for a logging target bucket might result in failure to write bucket logs. For more information, see Bucket Logs.
      If you use the
      ECS
       storage platform, this option is not available.

Bucket Policies

With bucket policies, you allow or deny an action to a resource in a bucket. You can also define conditions within a policy.
To grant access permissions to your bucket and the objects in it, you use bucket policies. Bucket policies are an important element in securing your buckets against unauthorized access.
Bucket policies consist of policy statements and are limited to 20 KB in size. You can create a single policy per bucket, but you can add multiple statements to a single policy.
Bucket policies use a JSON-based language. See Policies and Permissions in Amazon S3 .
VMware Cloud Director Object Storage Extension
 provides a policy editor that you can use instead of the JSON editor.
Only the bucket owner can create and edit bucket policies.

Create a Bucket Policy

To create a bucket policy, you define rules and conditions for accessing the objects in a bucket.
To create a bucket policy, you must be the owner of the bucket.
  1. Log in to the
    VMware Cloud Director tenant portal
    .
  2. In the primary left navigation panel, under
    More
    , select
    Object Storage
    .
  3. In the
    Buckets
     pane, click the name of the bucket that you want to edit.
  4. On the
    Permissions
     tab, click text in the bucket policy area.
  5. Enter the details of the policy and click
    Save
    .
    • You can use the policy editor to enter ID, effect, settings, and conditions for the policy.
    • You can use the JSON editor to enter the policy statements.
    • To create a
      Public Read
       or
      Public Read/Write
       policy, click the respective shortcut.

Content feedback and comments