About Object Storage Classic Roles and Users

The following table summarizes the Oracle Cloud Infrastructure Object Storage Classic roles used for accessing, administering, and using Oracle Cloud Infrastructure Object Storage Classic instances.

Role name: TenantAdminGroup (Identity Domain Administrator)

Description: Users who are assigned this role can perform all tasks in the Infrastructure Classic Console, including user and role management tasks.

Note that Oracle Cloud assigns this role to all trial users.

More information: Oracle Cloud User Roles and Privileges in Getting Started with Oracle Cloud

Role name: Storage.Storage_Administrator (Service Administrator)

For nonmetered subscriptions, the role name is service-instance-name.Storage_Administrator.

Description: Users who are assigned this role can perform the following tasks:

  • Perform all tasks for an Oracle Cloud Infrastructure Object Storage Classic instance, including user management
  • Monitor and manage service usage in Oracle Cloud
  • Grant roles to users
  • Create and delete containers
  • Modify container ACLs

The account administrator can create more storage administrators, as required, by assigning this role.

Role name: Storage.Storage_ReadWriteGroup

For nonmetered subscriptions, the role name is service-instance-name.Storage_ReadWriteGroup.

Description: Users who are assigned this role can perform the following tasks:

  • Create, read, modify, and delete objects within containers
  • List containers (note that they cannot create, modify, or delete containers)
  • List objects within containers, unless the role has been removed from the container's read ACL

Role name: Storage.Storage_ReadOnlyGroup

For nonmetered subscriptions, the role name is service-instance-name.Storage_ReadOnlyGroup.

Description: Users who are assigned this role can perform the following tasks:

  • Read objects
  • List containers
  • List objects within containers, unless the role has been removed from the container's read ACL

Given the default ACLs added to containers, users who are assigned this role can read the contents of all containers.

Note that container ACLs can be rewritten. So while the predefined roles have semantics based on the default behavior, access to a container is governed entirely by the values set for the container's X-Container-Read and X-Container-Write metadata fields, and not by the role. For more information, see Setting Container ACLs.
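The following is an added example (not Oracle code) that models the rule stated above: whether a user can read or write objects is decided by the container's X-Container-Read and X-Container-Write values, not by the role name, and it audits containers whose ACLs have drifted from the defaults the predefined roles rely on. It assumes the ACL fields hold comma-separated lists of role names and that the default entries are the ones implied by the role descriptions on this page; the container metadata is constructed.

```python
"""Model of how an Object Storage Classic container's ACL decides access.

Added example, not Oracle code. Role names are those on the page. Assumed:
X-Container-Read / X-Container-Write hold comma-separated role names, and the
default ACLs contain the entries in DEFAULT_ACLS (derived from the role table).
"""
from typing import Dict, Iterable, List, Set

READ_HDR = "X-Container-Read"
WRITE_HDR = "X-Container-Write"
READ_ONLY = "Storage.Storage_ReadOnlyGroup"
READ_WRITE = "Storage.Storage_ReadWriteGroup"

# Expected default ACL entries: both groups may read, only ReadWrite may write.
DEFAULT_ACLS: Dict[str, Set[str]] = {
    READ_HDR: {READ_ONLY, READ_WRITE},
    WRITE_HDR: {READ_WRITE},
}


def parse_acl(value: str) -> Set[str]:
    """Split a comma-separated ACL value into entries, tolerating blanks/spaces."""
    return {entry.strip() for entry in value.split(",") if entry.strip()}


def can_read(roles: Iterable[str], metadata: Dict[str, str]) -> bool:
    """Reading/listing objects requires one of the user's roles in the read ACL."""
    return bool(set(roles) & parse_acl(metadata.get(READ_HDR, "")))


def can_write(roles: Iterable[str], metadata: Dict[str, str]) -> bool:
    """Creating/modifying/deleting objects requires a role in the write ACL."""
    return bool(set(roles) & parse_acl(metadata.get(WRITE_HDR, "")))


def audit_container(name: str, metadata: Dict[str, str]) -> List[str]:
    """List deviations from DEFAULT_ACLS: a removed entry means a predefined role
    silently lost access; an extra entry means an unexpected principal gained it."""
    findings: List[str] = []
    for header, expected in DEFAULT_ACLS.items():
        actual = parse_acl(metadata.get(header, ""))
        findings += [f"{name}: {r} removed from {header}" for r in sorted(expected - actual)]
        findings += [f"{name}: unexpected entry {e!r} in {header}" for e in sorted(actual - expected)]
    return findings


# Constructed metadata: "logs" dropped ReadOnly from its read ACL and granted
# write access to a constructed role name that is not one of the predefined roles.
CONTAINERS = {
    "reports": {READ_HDR: f"{READ_ONLY},{READ_WRITE}", WRITE_HDR: READ_WRITE},
    "logs": {READ_HDR: READ_WRITE, WRITE_HDR: f"{READ_WRITE},Partners_Role"},
}

if __name__ == "__main__":
    for container, meta in CONTAINERS.items():
        print(container, "ReadOnly user can read:", can_read([READ_ONLY], meta))
        print("\n".join(audit_container(container, meta)))
```

Running the block shows the ReadOnly user reading "reports" but not "logs", even though the role is the same in both cases.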