Access management
User accounts in Deep Archive with programmatic access set to yes can use their S3 access keys to view the buckets that they created and the contents of those buckets.
Any user account with management access set to admin or viewer can view the names of all buckets in the system by using the tcmgr bucket list command.
The following example shows that a user account can view its own buckets and their contents.
$ AWS_ACCESS_KEY_ID=user1-aws-access-key-id AWS_SECRET_ACCESS_KEY=user1-aws-secret-access-key aws --endpoint https://my-domain-name:443 s3 ls
2024-05-13 12:23:27 user1bucket2
2024-05-13 12:23:23 user1bucket1
$ AWS_ACCESS_KEY_ID=user1-aws-access-key-id AWS_SECRET_ACCESS_KEY=user1-aws-secret-access-key aws --endpoint https://my-domain-name:443 s3 ls s3://user1bucket1
2024-05-13 14:08:19 1048576000 file1G
The following example shows that a user account cannot access buckets that it does not own.
$ AWS_ACCESS_KEY_ID=user2-aws-access-key-id AWS_SECRET_ACCESS_KEY=user2-aws-secret-access-key aws --endpoint https://my-domain-name:443 s3 ls
2024-05-13 14:14:27 user2bucket2
$ AWS_ACCESS_KEY_ID=user2-aws-access-key-id AWS_SECRET_ACCESS_KEY=user2-aws-secret-access-key aws --endpoint https://my-domain-name:443 s3 ls s3://user1bucket1
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
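The denial shown above can be turned into a repeatable negative test that is run after account or configuration changes. The following script is an added example, not part of the Deep Archive documentation; the function names probe_bucket and check_isolation and the ENDPOINT and AWS_BIN variables are assumptions introduced here, and the endpoint is the placeholder used in the examples above.

```shell
#!/bin/sh
# Added example: confirm that an account cannot list buckets owned by others.
# ENDPOINT is the placeholder endpoint from the page; AWS_BIN is a hypothetical
# override so the check can be exercised against a stub instead of the real CLI.
ENDPOINT="${ENDPOINT:-https://my-domain-name:443}"
AWS_BIN="${AWS_BIN:-aws}"

# probe_bucket ACCESS_KEY SECRET_KEY BUCKET
# Prints one word for a listing attempt on BUCKET:
#   allowed - the listing succeeded
#   denied  - the service answered AccessDenied
#   error   - anything else (network failure, bad endpoint, missing bucket)
probe_bucket() {
    if out=$(AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" \
             "$AWS_BIN" --endpoint "$ENDPOINT" s3 ls "s3://$3" 2>&1); then
        echo allowed
    elif printf '%s\n' "$out" | grep -q 'AccessDenied'; then
        echo denied
    else
        echo error
    fi
}

# check_isolation ACCESS_KEY SECRET_KEY BUCKET...
# BUCKET... are buckets owned by OTHER accounts. Returns 0 only if every one
# is denied; "error" counts as a failure because no authorization decision
# was observed, so it proves nothing about isolation.
check_isolation() {
    key=$1; secret=$2; shift 2
    status=0
    for bucket in "$@"; do
        result=$(probe_bucket "$key" "$secret" "$bucket")
        printf '%s -> %s\n' "$bucket" "$result"
        [ "$result" = denied ] || status=1
    done
    return "$status"
}

# Usage, with user2's keys against user1's buckets:
#   check_isolation "$USER2_KEY_ID" "$USER2_SECRET" user1bucket1 user1bucket2
```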
The following example shows that any user account with management access set to admin or viewer can view the names of all buckets in the system by using the tcmgr bucket list command.
$ tcmgr bucket list
Date/Time: May 13, 2024, 02:17:26 PM +09:00; IBM Deep Archive Version: 1.1.0
Name
============
user1bucket1
user1bucket2
user2bucket1