Access Control Lists (ACLs) allow us to have greater control over individual objects and containers without requiring full read/write access to a particular container. With ACLs you can expose containers globally or restrict them to individual tenants and users.
Log in to a computer that has the keystone and swift clients available.
Carry out the following steps:
We will first create an account in our OpenStack Identity Server that is only a Member in the cookbook. We will call this user, user.
With our new user created, we will now create a container using a user that has admin privileges (and therefore a container that our new user initially doesn’t have access to), as follows:
We will then set this container to be Read-Only for our user named user, as follows:
We will try to upload a file to this container using our new user, as follows:
This brings back an HTTP 403 Forbidden message similar to the following:
We will now give write access to the test ACL container for our user by allowing them write access to the container:
When we repeat the upload of the file, it now succeeds, as shown below:
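The steps above, replayed against a simplified model of how container read and write ACLs are evaluated. This is an added example, not code from the original page or from Swift itself. It assumes the user `user` belongs to a tenant named `cookbook`, the function names are hypothetical, and the ACL strings stand in for the values Swift stores in the `X-Container-Read` and `X-Container-Write` headers.

```python
# Simplified model of Swift container ACL checks (added example, not Swift code).
WRITE_METHODS = {"PUT", "POST", "DELETE"}


def parse_acl(header_value):
    """Split an X-Container-Read/X-Container-Write value into
    referrer rules (.r:..., .rlistings) and tenant:user grants."""
    referrers, grants = [], []
    for item in (part.strip() for part in (header_value or "").split(",")):
        if item.startswith(".r:"):
            referrers.append(item[3:])
        elif item == ".rlistings":
            referrers.append(item)
        elif item:
            grants.append(item)
    return referrers, grants


def is_allowed(method, tenant, user, read_acl="", write_acl="", is_admin=False):
    """Return True if the request would pass, False where Swift answers 403."""
    if is_admin:  # the account admin has full access regardless of container ACLs
        return True
    writing = method in WRITE_METHODS
    referrers, grants = parse_acl(write_acl if writing else read_acl)
    # ".r:*" exposes objects globally for reads; referrer rules never grant writes.
    if not writing and "*" in referrers:
        return True
    identities = {f"{tenant}:{user}", f"{tenant}:*", f"*:{user}", "*:*"}
    return any(grant in identities for grant in grants)


def walk_recipe():
    """Replay the recipe for tenant 'cookbook', user 'user' (constructed values)."""
    who = ("cookbook", "user")
    steps = {"no_acl_read": is_allowed("GET", *who)}
    acls = {"read_acl": "cookbook:user"}            # container set read-only
    steps["readonly_read"] = is_allowed("GET", *who, **acls)
    steps["readonly_upload"] = is_allowed("PUT", *who, **acls)  # the 403 case
    acls["write_acl"] = "cookbook:user"             # write access granted
    steps["granted_upload"] = is_allowed("PUT", *who, **acls)
    steps["other_user_upload"] = is_allowed("PUT", "cookbook", "mallory", **acls)
    steps["public_read"] = is_allowed("GET", "other", "anon", read_acl=".r:*")
    return steps


if __name__ == "__main__":
    for step, ok in walk_recipe().items():
        print(f"{step:18} {'allowed' if ok else '403 Forbidden'}")
```

The model shows that the read and write lists are checked independently: a read grant never implies upload rights, and a grant to one `tenant:user` pair does not extend to other users in the same tenant.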
Granting access control is done on a container basis and is achieved at the user level. When a user creates a container, other users can be granted access by adding other users to the container. The users will then be granted read and write access to containers, for example: