Hi ,
You can have an admin user with full access to all users and buckets
with the `--admin`flag
(https://docs.ceph.com/en/latest/radosgw/admin/#admin-and-system-users).
Fo read-only admin you can use ceph caps , however this is applied
through Admin API ( not the s3 api ).
(https://docs.ceph.com/en/latest/radosgw/admin/#add-or-remove-admin-capabilities).
Regards
On 05.09.2025 10:08, Jacques Hoffmann wrote:
Hello Ceph:)
We are wondering if it is possible to create some RadosGW
credentials/user with readonly (and allowed to list everything) on all
buckets. We are working on a backup strategy, and it would be nice if
there was a user that can list all buckets and read all object from
all users, with just one access-key/secret-key pair. Is that possible?
Ceph Squid does support the IAM API, but that just raises more
questions than it answers. Can we get this readonly access across all
tenants, for all users and buckets, globally? I would assume that
tenants are now somewhat isolated, so maybe this is not possible. The
rules of this are fairly unclear to me currently, especially because
so far I've assumed that bucket names are globally unique, which i am
no longer sure of with multitenancy.
Thank you,
Jacques Hoffmann
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
