Using OpenStack Object Storage ACLs


Access Control Lists (ACLs) give us finer control over individual objects and containers without requiring full read/write access to a particular container. With ACLs you can expose containers globally or restrict them to individual tenants and users.


Getting started

Log in to a computer that has the keystone and swift clients available.

How to achieve it…

Carry out the following steps:
We will first create an account in our OpenStack Identity Server that is only a Member in the cookbook. We will call this user, user.

With our new user created, we will now create a container using a user that has admin privileges (and therefore a container that our new user initially doesn’t have access to), as follows:

We will then set this container to be Read-Only for our user named user, as follows:

We will try to upload a file to this container using our new user, as follows:

This brings back an HTTP 403 Forbidden message similar to the following

We will now give our user write access to the test ACL container:

When we repeat the upload of the file, it has now succeeded as shown below:

How it works…

Granting access control is done on a container basis and is achieved at the user level. When a user creates a container, other users can be granted access by adding other users to the container. The users will then be granted read and write access to containers, for example:
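Because a container ACL can expose data globally as well as to named users, it is worth checking what each container actually grants. The script below is an added example, not part of the original page: it classifies the `Read ACL` and `Write ACL` lines printed by `swift stat <container>` and flags grants that reach beyond named projects, users or roles. It covers more ACL element forms than the per-user grants in the steps above; the function names, the sample output and the element meanings (Swift with Keystone auth) are assumptions.

```shell
#!/bin/sh
# Added example: audit the Read/Write ACLs reported by `swift stat <container>`.
# Element meanings assume Swift with Keystone auth.

# Classify a single ACL element.
classify_element() {
  case "$1" in
    .r:-*)      echo referrer-deny ;;      # referrer explicitly denied
    .r:\*)      echo public ;;             # any referrer: anonymous access
    .r:*)       echo referrer ;;           # specific referrer domain
    .rlistings) echo public-listing ;;     # anonymous container listing
    \*:\*)      echo any-authenticated ;;  # any user with a valid token
    \*:*)       echo user ;;               # named user, any project
    *:\*)       echo project ;;            # every user in one project
    *:*)        echo project-user ;;       # one user in one project
    *)          echo role ;;               # bare name: treated as a role
  esac
}

# Read `swift stat` output on stdin; print "<read|write> <element> <class>".
audit_container() {
  while IFS= read -r line; do
    case "$line" in
      *"Read ACL:"*)  kind=read ;;
      *"Write ACL:"*) kind=write ;;
      *) continue ;;
    esac
    acl=$(printf '%s' "${line#*ACL:}" | tr -d '[:space:]')
    while [ -n "$acl" ]; do              # split on commas, no globbing
      elem=${acl%%,*}
      case "$acl" in *,*) acl=${acl#*,} ;; *) acl= ;; esac
      if [ -n "$elem" ]; then
        printf '%s %s %s\n' "$kind" "$elem" "$(classify_element "$elem")"
      fi
    done
  done
}

# Keep only grants that reach beyond named projects, users or roles.
broad_grants() {
  audit_container | while read -r kind elem class; do
    case "$class" in
      public|public-listing|any-authenticated)
        printf '%s %s %s\n' "$kind" "$elem" "$class" ;;
    esac
  done
}

# Constructed sample of `swift stat` output (container and ACLs are made up).
SAMPLE_STAT='       Container: example-container
        Read ACL: cookbook:user,.r:*,.rlistings
       Write ACL: cookbook:user'
printf '%s\n' "$SAMPLE_STAT" | broad_grants
```

Against a live cluster, pipe `swift stat <container>` into `broad_grants` for each container; any output line is a grant to review.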

