Controlling Access to Resources Using S3 ACLs

Access to AWS S3 resources are, by default, private. Only the owner of a resource has access. Optionally, resource owners can grant resource permission to other users by specifying resource-based policy options, such as access control lists (ACLs).

Note:

Other AWS S3 resource-based policy options such as Bucket Policies and User Policies are not supported by the Oracle ZFS Storage Appliance S3 API Service. These AWS S3 policies are similar to the appliance roles that are granted to users. For more information about the Oracle ZFS Storage Appliance roles, see Configuring Users in Oracle ZFS Storage Appliance Administration Guide, Release OS8.8.x .

Note:

To support a unified view of the Oracle ZFS Storage Appliance filesystem from other appliance-supported protocols, S3 ACLs are automatically mapped to the equivalent appliance filesystem ACLs. For additional information about Oracle ZFS Storage Appliance ACLs, see Access Control Lists for Filesystems in Oracle ZFS Storage Appliance Administration Guide, Release OS8.8.x .

To better understand how to manage appliance resource permissions using AWS S3 ACLs, see the following topics.

• Supported and Unsupported Header Requests

• Setting ACL Policy Permissions in a Request

• Supported Amazon S3 Predefined User Groups

• Supported S3 ACL Permissions

For further details about managing access permissions with AWS S3 ACLs, see Who Is a Grantee?