Probably a question for @yehuda :

We have fairly strict user accountability requirements.  The best way we
have found to meet them with S3 object storage on Ceph is by using RadosGW
subusers.

If we set up one user per bucket, then set up subusers to provide separate
individual S3 keys and access rights for different people or services using
that bucket, then we can track who did what via access key in the RadosGW
logs (at debug_rgw = 10/10).

Of course, this is not a documented use case for subusers.  I'm wondering
if Yehuda or anyone else could estimate our risk of future incompatibility
if we implement user/key management around subusers in this manner?

Thanks,

Trey
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to