
The Gateway creates SCSP context sub-resources to allow the specification of identity management systems, access control policies, and metadata transforms.

These are the sub-resources and the context in which they are applicable when using the Gateway.

Sub-resource   Resource Context   Description
idsys          domain             Identity system definition
policy         domain, bucket     Access control policy
xform          domain, bucket     Metadata transform

All storage domain and bucket sub-resources are controlled with one of the policy actions PutPolicy, GetPolicy, or DeletePolicy.

Warning

Permission to read or change these sub-resources for a storage domain must be protected from untrusted users. In deployments where end-users are allowed to manage storage domains, a cluster or tenant administrator normally retains ownership of the storage domain. An end-user who owns the storage domain is able to read and change its sub-resources.


IDSYS

The IDSYS document sub-resource for a storage domain is manipulated using authenticated SCSP commands through the Gateway. This is accomplished by uploading the JSON document for the IDSYS to the storage domain's IDSYS sub-resource using the HTTP PUT operation.

...

The entire JSON document with all fields must be provided when updating the IDSYS sub-resource, and the Content-Type: application/json header must be included with the request.

Permission to update the IDSYS document for a domain is granted with the PutPolicy policy action.

Reading the IDSYS document is controlled with the GetPolicy policy action and uses the HTTP GET operation.

...

An IDSYS is removed using the HTTP DELETE operation and controlled with the DeletePolicy policy action.

    DELETE /?idsys

Policy

The Policy document sub-resources for storage domains and buckets are manipulated using authenticated SCSP commands through the Gateway.

Creating a new Policy document or replacing an existing one are both controlled with the PutPolicy action. The entire JSON document with all fields must be provided when updating the policy sub-resource, and the Content-Type: application/json header must be included with the request.

...

    PUT /?policy
        Content-Type: application/json
        {"Id":"My Domain Policy", ... }

...or a bucket Policy:

    PUT /mybucket?policy
        Content-Type: application/json
        {"Id":"My Bucket Policy", ...}

Reading a Policy document is controlled by the GetPolicy action. Examples of reading a Policy for a storage domain and a bucket:

...

Deleting a Policy document is controlled by the DeletePolicy action. Examples of deleting a Policy for a storage domain and a bucket:

    DELETE /?policy
    DELETE /mybucket?policy

XFORM

The metadata transform (XFORM) sub-resources for domains and buckets are manipulated using authenticated SCSP commands through the Gateway.

Creating a new XFORM document or replacing an existing one are both controlled with the PutPolicy action. The entire JSON document with all fields must be provided when updating the xform sub-resource, and the Content-Type: application/json header must be included with the request.

...

Reading an XFORM document is controlled by the GetPolicy action. Examples of reading an XFORM for a storage domain and a bucket:

...

Deleting an XFORM document is controlled by the DeletePolicy action. Examples of deleting an XFORM for a storage domain and a bucket:

...
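The rules above (which sub-resource applies in which context, and which policy action controls each HTTP operation) can be checked mechanically when reviewing requests or building them. The following is an added example, not part of the original page or the Gateway's own code; the function names and sample request lines are constructed, and treating paths with more than one segment as non-sub-resource requests is an assumption of this helper.

```python
import json
from urllib.parse import urlsplit, parse_qs

# From the page's table: sub-resource -> contexts in which it applies.
CONTEXTS = {"idsys": {"domain"}, "policy": {"domain", "bucket"},
            "xform": {"domain", "bucket"}}
# From the page: HTTP operation -> policy action that controls it.
ACTIONS = {"PUT": "PutPolicy", "GET": "GetPolicy", "DELETE": "DeletePolicy"}


def classify(method, target):
    """Return (sub_resource, context, policy_action, applicable) for a
    sub-resource request, or None when the request does not address one."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    named = [s for s in CONTEXTS if s in query]
    if len(named) != 1 or method.upper() not in ACTIONS:
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) > 1:
        return None  # assumption: deeper paths are objects, not buckets
    context = "bucket" if segments else "domain"
    sub = named[0]
    return sub, context, ACTIONS[method.upper()], context in CONTEXTS[sub]


def build_put(sub, document, bucket=None):
    """Build (request_line, headers, body) for replacing a sub-resource:
    the whole JSON document plus the required Content-Type header."""
    target = f"/{bucket}?{sub}" if bucket else f"/?{sub}"
    hit = classify("PUT", target)
    if hit is None or not hit[3]:
        raise ValueError(f"{sub!r} is not a valid sub-resource for {target}")
    return (f"PUT {target}", {"Content-Type": "application/json"},
            json.dumps(document))


# Constructed sample request lines (not taken from a real log).
SAMPLE = [("PUT", "/?idsys"), ("GET", "/mybucket?policy"),
          ("DELETE", "/mybucket?xform"), ("GET", "/mybucket/report.pdf")]


def audit(requests):
    """List sub-resource requests with the policy action each one needs."""
    return [(m, t) + hit for m, t in requests if (hit := classify(m, t))]
```

Running `audit(SAMPLE)` lists the three sub-resource requests with the policy action each requires, which is the set of grants to review for untrusted users.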