Update, I managed to limit the user privilege by modifying the user's op-mask to read as follows: ``` radosgw-admin user modify --uid=<username> --op-mask=read ```
And to rollback its default privileges: ``` radosgw-admin user modify --uid=<username> --op-mask="read,write,delete" ``` Kind regards, Charles Alva Sent from Gmail Mobile On Sun, Sep 29, 2019 at 5:00 PM Charles Alva <charlesa...@gmail.com> wrote: > Hi Cephalopods, > > I'm in the process of migrating radosgw Erasure Code pool from old cluster > to Replica pool on new cluster. To avoid user write new object to old pool, > I want to set the radosgw user privilege to read only. > > Could you guys please share how to limit radosgw user privilege to read > only? > > I could not find any clear explanation and example in the Ceph > radosgw-admin docs. Is it by changing the user's caps or op_mask? Or > setting the civetweb option to only allow HTTP HEAD and GET methods? > > Kind regards, > > Charles Alva > Sent from Gmail Mobile >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
