User roles and permissions

Learn the different authorizations, also known as capabilities, that an authenticated user needs to properly use monitors, OSDs, and metadata servers with IBM Storage Ceph. User roles and permissions restrict access to data within a pool or a pool namespace. A Ceph administrator can set a user's capabilities when creating or updating a user for the Ceph-CSI driver. Only certain user roles have access to create Secrets and StorageClass files.

Setting permissions

Set the following permissions for provisioner, controller expansion, and node stage Secrets in a StorageClass:
mgr "profile rbd pool=csi"
osd "profile rbd pool=csi"
mon "profile rbd"

Creating a user with required capabilities

Create a user with the necessary capabilities for the provisioner and node stage Secret in Ceph Block Device:
ceph auth get-or-create client.csi-rbd \
    mgr "profile rbd pool=csi" \
    osd "profile rbd pool=csi" \
    mon "profile rbd"
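
One way to verify the result, as an added example that is not part of the original page: a shell function that reads the keyring text printed by `ceph auth get client.csi-rbd` and reports every capability that differs from the three listed above. The function name `check_csi_caps` and both sample keyrings are constructed for illustration.

```shell
#!/bin/sh
# Audit a Ceph user's caps against the three capabilities listed on this page.
# stdin: keyring text as printed by `ceph auth get client.csi-rbd`.
# stdout: one line per finding; exit status is 0 only on an exact match.
check_csi_caps() {
    awk '
    BEGIN {
        want["mgr"] = "profile rbd pool=csi"
        want["osd"] = "profile rbd pool=csi"
        want["mon"] = "profile rbd"
        bad = 0
    }
    # Keyring cap lines have the form: caps osd = "profile rbd pool=csi"
    $1 == "caps" && $3 == "=" {
        daemon = $2
        val = $0
        sub(/^[^"]*"/, "", val)   # strip through the opening quote
        sub(/"[^"]*$/, "", val)   # strip from the closing quote onward
        seen[daemon] = 1
        if (!(daemon in want)) {
            print "UNEXPECTED " daemon ": " val; bad = 1
        } else if (val != want[daemon]) {
            print "MISMATCH " daemon ": got [" val "], want [" want[daemon] "]"; bad = 1
        }
    }
    END {
        for (d in want) if (!(d in seen)) { print "MISSING " d; bad = 1 }
        exit bad
    }'
}

# Constructed sample keyrings (the key value is a placeholder, not a real key).
SAMPLE_OK='[client.csi-rbd]
    key = PLACEHOLDER
    caps mgr = "profile rbd pool=csi"
    caps mon = "profile rbd"
    caps osd = "profile rbd pool=csi"'
# Drifted: mon widened, osd lost its pool restriction, mgr cap absent.
SAMPLE_DRIFT='[client.csi-rbd]
    key = PLACEHOLDER
    caps mon = "allow *"
    caps osd = "profile rbd"'

printf '%s\n' "$SAMPLE_OK" | check_csi_caps && echo "OK: caps match"
printf '%s\n' "$SAMPLE_DRIFT" | check_csi_caps || echo "FAIL: caps differ"
```

On a cluster, pipe the live keyring into the function: `ceph auth get client.csi-rbd | check_csi_caps`.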