S3 access control lists
Ceph Object Gateway supports S3-compatible Access Control Lists (ACL) functionality.
An ACL is a list of access grants that specify which operations a user can perform on a bucket or on an object. Each grant has a different meaning when applied to a bucket versus applied to an object, as listed in Table 1.
| Permission | Bucket | Object |
|---|---|---|
| | Grantee can list the objects in the bucket. | Grantee can read the object. |
| | Grantee can write or delete objects in the bucket. | N/A |
| | Grantee can read bucket ACL. | Grantee can read the object ACL. |
| | Grantee can write bucket ACL. | Grantee can write to the object ACL. |
| | Grantee has full permissions for objects in the bucket. | Grantee can read or write to the object ACL. |
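
As an added example (not part of the Ceph documentation), the following Python function audits an ACL using the bucket and object meanings from Table 1, so the same grant is reported differently depending on where it is applied. It assumes the standard S3 permission names and predefined group URIs, takes the ACL in the dict shape boto3 returns from `get_bucket_acl` or `get_object_acl`, and uses hypothetical severity labels; the sample ACL is constructed.

```python
# Meaning of each grant on a bucket vs. an object, following Table 1.
# Permission names are the standard S3 ACL names (assumption, see lead-in).
MEANING = {
    "READ":         {"bucket": "list objects", "object": "read object"},
    "WRITE":        {"bucket": "write/delete objects", "object": None},  # N/A
    "READ_ACP":     {"bucket": "read bucket ACL", "object": "read object ACL"},
    "WRITE_ACP":    {"bucket": "write bucket ACL", "object": "write object ACL"},
    "FULL_CONTROL": {"bucket": "full permissions", "object": "read/write object ACL"},
}
S3_GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {
    S3_GROUPS + "AllUsers": "anyone",
    S3_GROUPS + "AuthenticatedUsers": "any authenticated user",
}
MODIFYING = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

def audit_acl(acl, resource):
    """Return (severity, grantee, permission, meaning) for each non-owner grant.

    resource is "bucket" or "object". Severity labels are hypothetical.
    """
    owner = acl["Owner"]["ID"]
    findings = []
    for grant in acl["Grants"]:
        grantee, perm = grant["Grantee"], grant["Permission"]
        if perm not in MEANING:
            raise ValueError(f"unknown permission: {perm}")
        meaning = MEANING[perm][resource]
        if meaning is None:           # e.g. WRITE on an object has no effect
            continue
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            who = PUBLIC_GROUPS[grantee["URI"]]
            severity = "high" if perm in MODIFYING else "review"
        elif grantee.get("ID") == owner:
            continue                  # the owner's own grant is expected
        else:
            who = grantee.get("ID", "unknown")
            severity = "review" if perm in MODIFYING else "info"
        findings.append((severity, who, perm, meaning))
    return findings

# Constructed sample ACL (not taken from a real cluster).
SAMPLE_ACL = {"Owner": {"ID": "alice"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "alice"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": S3_GROUPS + "AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": S3_GROUPS + "AuthenticatedUsers"}, "Permission": "WRITE"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "bob"}, "Permission": "WRITE_ACP"},
]}

if __name__ == "__main__":
    for kind in ("bucket", "object"):
        print(kind, audit_acl(SAMPLE_ACL, kind))
```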