VAST Cluster features a local authorization provider. The local provider enables you to add users and manage them manually via VMS rather than adding them to an external provider. This feature is useful for:
- Adding users when you do not have an external provider configured. (This is an option for NFS and S3 access.)
- Adding users who are not defined on external providers who specifically need S3 access. (Users who are defined on external providers can be assigned S3 permissions without being added to the local provider.)
- Adding POSIX attributes for a user who is defined on Active Directory but only has SMB attributes there and is not defined in an additional configured external provider. In this case, use the same user name as is used on Active Directory so that the user database will associate these attributes to the same user.
- Adding users to manually override incorrect or outdated attributes on external providers.
If user attributes on an external authorization provider conflict with those on the local provider, the local provider attributes override the external provider's attributes. For more details, see Understanding User Management and Authorization.
Local users are created with a UID and user name that you supply manually. A unique SID is generated by the cluster for each local user. You can specify the user's leading group and other groups by name, using names of manually added groups.
Note
Local provider user entries are not included in S3 backup.
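Because a local entry silently wins over the external provider for any user with the same name, it is worth reviewing local entries periodically. The following is an added example, not VAST code: it models the override rule described above on constructed records and flags local entries that change an externally defined attribute, assign UID 0, or carry the S3 Superuser setting. The record layout, field names and the `effective` and `audit` helpers are assumptions made for illustration.

```python
# Added example; record layout and field names are assumptions, not a VMS export format.
EXTERNAL = {  # constructed sample: attributes as resolved from external providers
    "alice": {"uid": 1001, "leading_group": "eng", "groups": {"eng"}},
    "bob": {"uid": None, "leading_group": None, "groups": set()},  # AD user, SMB attributes only
}
LOCAL = {  # constructed sample: users added manually to the local provider
    "alice": {"uid": 0, "leading_group": "eng", "groups": {"eng", "admins"}, "s3_superuser": True},
    "bob": {"uid": 1002, "leading_group": "eng", "groups": set(), "s3_superuser": False},
    "svc-s3": {"uid": 2001, "leading_group": "svc", "groups": set(), "s3_superuser": False},
}
POSIX_FIELDS = ("uid", "leading_group", "groups")


def effective(name, local=LOCAL, external=EXTERNAL):
    """Merge attributes by user name; on conflict the local provider value wins."""
    merged = dict(external.get(name, {}))
    merged.update({k: v for k, v in local.get(name, {}).items() if v is not None})
    return merged


def audit(local=LOCAL, external=EXTERNAL):
    """Return (user, kind, detail) findings for local entries that need manual review."""
    findings = []
    for name, loc in sorted(local.items()):
        ext = external.get(name)
        if ext is not None:
            for field in POSIX_FIELDS:
                ext_val, loc_val = ext.get(field), loc.get(field)
                # A conflict exists only when the external provider defines a value
                # and the local entry replaces it with a different one.
                if ext_val not in (None, set()) and loc_val is not None and loc_val != ext_val:
                    findings.append((name, "override", f"{field}: {ext_val!r} -> {loc_val!r}"))
        if loc.get("uid") == 0:
            findings.append((name, "root-uid", "local entry assigns UID 0"))
        if loc.get("s3_superuser"):
            findings.append((name, "s3-superuser", "user can override ACLs"))
    return findings


if __name__ == "__main__":
    for user, kind, detail in audit():
        print(f"{user:8} {kind:13} {detail}")
    print("bob effective:", effective("bob"))
```

In the sample, `bob` only gains POSIX attributes that Active Directory does not define, so he produces no finding, while `alice` is flagged because her local entry replaces attributes the external provider already supplies.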
- From the left navigation menu, select User Management and then Users.
- Click Create User and complete the following fields:

Field | Description |
---|---|
Name (required) | The user name. |
UID (required) | The user's POSIX UID. |
Leading Group | The name of the user's leading (aka primary) group, which is the group assigned by default as the owning group of any files created by the user. Select the group from the dropdown. If the group was not yet added to the local provider, add the group first. |
Groups | Names of other groups that the user belongs to besides the primary group. Also known as auxiliary groups. Select groups from the dropdown. If a group was not yet added to the local provider, add the group first. |
Allow create bucket | Enable this setting to give the user permission to create S3 buckets. Disabled by default. |
Allow delete bucket | Enable this setting to give the user permission to delete S3 buckets. |
S3 Superuser | Enable this setting to give the user permission to override ACLs. |

- Click Create.

  The user is created. The dialog switches to the Update User dialog, and the Create new key button now appears. This is to enable you to grant the user S3 access.
- Click Update.

  The new local user is displayed in the Users page.

To manage local users via the CLI, use the following commands.
To do this task... | Use this command... |
---|---|
Add a user. | |
Modify a user. | |
Query local users. | |
Display all local users. | |
Display details of a specific local user. | user show |