Modifying Ceph user

The ceph auth caps command allows you to specify a user and change the user’s capabilities.

Prerequisites

A running IBM Storage Ceph cluster.
Root-level access to the node.

Procedure

To add capabilities, use the form:

Syntax

ceph auth caps USERTYPE.USERID DAEMON 'allow [r|w|x|*|...] [pool=POOL_NAME] [namespace=NAMESPACE_NAME]'

Example

[ceph: root@host01 /]# ceph auth caps client.john mon 'allow r' osd 'allow rw pool=mypool'
[ceph: root@host01 /]# ceph auth caps client.paul mon 'allow rw' osd 'allow rwx pool=mypool'
[ceph: root@host01 /]# ceph auth caps client.brian-manager mon 'allow *' osd 'allow *'

To remove a capability, you may reset the capability. If you want the user to have no access to a particular daemon that was previously set, specify an empty string:

Example
```
[ceph: root@host01 /]# ceph auth caps client.ringo mon ' ' osd ' '
```

Reference

For more information about capabilities, see Ceph user management background.