local_mode - separate identity between object and file

The following points must be considered when you plan to use local_mode identity management.

• Use-case for unified file and object access in local_mode:

  • Data that is created from the object interface is available for application to run analytics by using the file interface, where ownership of files is not essential.

  • Data that is created from the file interface is accessible from the object interface after objectization of those files.

• To address this use case, object authentication setup is independent of file authentication setup. Although, you can set up object and file authentication from a common authentication server for AD or LDAP.

• Objects that are created or updated by using the object interface are owned by the swift user. Applications processing the object data from file interface need the required file ACL to access the object data.

• Data updated from the file interface after objectization is available for object access.

• Containers that are created with a unified file and object access policy that are exposed as export points need appropriate ACLs set as needed by SMB, NFS, and POSIX.

• If the object exists, existing ownership of the corresponding file is retained if retain_owner is set to yes in object-server-sof.conf. For more information, see Configuration files for IBM Storage Scale for object storage.

• Retaining ACL, extended attributes (xattrs), and Windows attributes (winattrs): If the object is created or updated over existing file then existing file ACL, xattrs, and winattrs are retained if retain_acl, retain_xattr, and retain_winattr are set to yes in object-server-sof.conf. For more information, see Configuration files for IBM Storage Scale for object storage.