Primary access keys and sub-access keys
You must use a primary access key to share transfer access outside your AoC organization, such as with a vendor or other collaborator, or with a downstream on-prem application like Aspera Faspex, Shares, or Console. Use a sub-access key to share transfer access inside your AoC org, such as when delegating access and management tasks to a workspace manager.
Primary access keys
Use a primary access key to give a user or application outside Aspera on Cloud transfer credentials to access the content assets on that node.
- Using the Node API; see the /access_keys endpoint in the IBM Aspera Node API documentation on IBM API hub.
- Using the Aspera on Cloud application, when attaching a new transfer node to the AoC organization. The new node may be a customer-managed Aspera HSTS node or cluster, or it may be an ATS node that attaches the customer's cloud object storage.
Sub-access keys
Use a sub-access key to delegate certain administrative tasks and contextual content access to another AoC admin or to a workspace manager without having to distribute the primary access key. You can create a sub-access key only on a sub-directory of another access key.
- A client sub-access key (also called a workspace access key) gives an admin or workspace manager contextual access and management rights within the root folder of a given workspace on the node.
- A folder sub-access key gives an admin or workspace manager access and management
rights in a folder in cloud storage or in
an administratively shared folder.
Note that a folder sub-access key is a different access credential than the sharing permissions set on a shared folder. Access through a folder sub-access key is full access to folder contents;such access is not restricted to the actions allowed through sharing permissions.