Granting Access and Permissions
In the Users tab of the User Management page, display the user for which you want to generate a key pair:
You can query VMS for an existing user. This can be either any user whose attributes were already retrieved from external authorization providers through NFS or SMB RPCs. It can also be an existing local user.
You can create a new user on the local provider.
Open the Actions menu for the user and select Edit.
In the Update User dialog, click Create new key.
An access key is displayed with its status (enabled by default).
The secret key is displayed below it with a Copy key button:
Click Copy key to copy the secret key to your clipboard.
Important
The secret key for this pair will not be shown again, so keep the key carefully to pass it onto the user.
Attach identity policies to control the user's S3 permissions:
From the Identity Policies dropdown, select an identity policy that you want to attach to the user.
The policy name is entered into the Identity Policies field.
Note
If the policy that you select covers permission to create and/or delete buckets, the policy will override the Allow Create Bucket and Allow Delete Bucket permission settings per user.
If you want to attach another policy to the user, open the dropdown again and select another policy. The first policy that you already attached appears checked in the dropdown list.
The second policy is also added to the Identity Policies field.
Repeat as needed to attach additional policies to the user. To remove policies, open the dropdown and deselect each policy that you want to remove.
Alternatively to the previous step, grant the user any of the special S3 permissions:
Allow Create Bucket. Allows the user to create S3 buckets.
Allow Delete Bucket. Allows the user to delete S3 buckets.
S3 Superuser. Allows the user full read and write access to data and metadata, overriding ACLs.
Click Update to update the user definition.
You can now provide the user with the access key and the secret key.
Enabling and Disabling a Key Pair
Note
Access key pairs that are replicated to the cluster from an async replication peer are disabled by default.
Display the user on the Users tab of the User Management page (see Querying Users).
Open the Actions menu for the user and select Edit.
In the Update User dialog, the status of each of the user's key pairs is shown (enabled or disabled).
To enable a key pair, click
.png?sv=2022-11-02&spr=https&st=2026-02-09T10%3A45%3A21Z&se=2026-02-09T10%3A57%3A21Z&sr=c&sp=r&sig=g5q0vYIgWMefPjP8sPh3HczUcu%2B3lggj9ZpmUUlzccs%3D)
. To disable a key pair, click .png?sv=2022-11-02&spr=https&st=2026-02-09T10%3A45%3A21Z&se=2026-02-09T10%3A57%3A21Z&sr=c&sp=r&sig=g5q0vYIgWMefPjP8sPh3HczUcu%2B3lggj9ZpmUUlzccs%3D)
.
Removing a Key Pair
Display the user on the Users tab of the User Management page (see Querying Users).
Open the Actions menu for the user and select Edit.
In the Update User dialog, the access key of the key pair is listed.
Click the delete button (
.png?sv=2022-11-02&spr=https&st=2026-02-09T10%3A45%3A21Z&se=2026-02-09T10%3A57%3A21Z&sr=c&sp=r&sig=g5q0vYIgWMefPjP8sPh3HczUcu%2B3lggj9ZpmUUlzccs%3D)
) for the access key.Click Yes to confirm the removal.
The key pair is removed.