Storage Users

Swift Users (alice) are primarily people who each have a username and password. Secondarily, Swift Accounts (AUTH_alice) are usually created for each user as a default location (https://192.168.22.100/v1/AUTH_alice) for that user to store their objects.

Users have authorization to update account metadata, create containers and upload objects into those containers in their own account. Users are not authorized to delete their accounts via commands to Swift. Users may provide access to individual containers in their accounts to other users using Swift's Container ACLs mechanism. Users may also permit other users to add containers or modify account metadata, using Account ACLs.

If many users need access to the same account, see Account ACLs.

Accounts have containers, and containers store objects. Containers logically reside in accounts, so a container named “Documents” in two different storage accounts are two distinct containers within the cluster. URLs in the API contain the storage account, container name, and object name.

For example, in the URL https://192.168.22.100/v1/AUTH_alice/Documents/invoice001.pdf, the user's username is "alice", the account is “AUTH_alice”, the container name is “Documents”, and the object name is “invoice001.pdf”.

In the SwiftStack Controller console, you will need to set up a minimum of one user account with a password. The SwiftStack Auth middleware will allow the user to perform operations on the Swift account AUTH_<username>.

If the cluster does not have any user accounts yet, and there is at least one enabled node, then the Manage Cluster page Deploy tab will have a create a user link:

../../_images/deploy-create-a-user.png

Otherwise, Swift Users can be managed by clicking on the Users/Accounts button for the cluster on the Cluster List page.

../../_images/cluster-list.png

Create User

Click the Create New User button to open the dialog box.

../../_images/new-user-account.png

../../_images/create-new-user-modal.png

The optional Superuser checkbox gives the User the capability to read and write to all Accounts on the cluster. Superusers also have the ability to create and delete Swift Accounts directly on the cluster. One example of the use of this setting would be to create a reseller account.

The Enabled checkbox indicates that a User is enabled; i.e. someone with the username and password can authenticate with Swift as this User. If you wish to deny access for a User, uncheck this box. This might be useful to temporarily disable someone's access to Swift without having to go to the trouble of deleting their data or something similar.

Fill in the fields and click Add New SwiftStack Auth User.

Note

Swift Accounts created directly on the cluster by a Superuser are not listed on the Manage Users/Accounts page, nor are they affected by the Deploy Changes or Push Users to Cluster operations.

Note

Accounts managed by external auth systems like LDAP-based Authentication for SwiftStackAuth or Keystone cannot be managed on this page.

Remove User

../../_images/existing-users.png

Existing Swift Users may be deleted by clicking on their Remove User button.

Change Password

../../_images/change-user-password.png

The password for an existing user may be changed by clicking on the Change Password button, filling in the password fields, and clicking on the right-hand Change Password button.

Users can also have their Superuser and Enabled statuses changed.

Push Users

Upon adding, deleting, or changing users on this page, either a link or a button will appear at the top of the page.

If you've never deployed changes to this cluster before, there will be a link to the Deploy page.

../../_images/deploy_users.png

If this cluster has been deployed, then User Accounts can be pushed without a full Deploy.

../../_images/push_users.png

If there is an error pushing User Accounts, a Account Push Failed alert will appear on the Alerts page.