Managing User S3 Permissions

  • Updated on Jan 31, 2026
  • Published on Jan 27, 2026
  • 1 minute(s) read
Prev Next

To grant client users S3 access:

  • Provide each client user with an S3 key pair for authenticating to the VAST Cluster S3 service. Key pairs can be created, removed, enabled and disabled via the VMS. The key pair allows access to a single tenant on the cluster.

    Alternatively, you can enable Active Directory/LDAP users to create and manage their own S3 access key pairs.

  • Attach identity policies to users to best control their S3 permissions. This includes all permissions, including permission to create and delete buckets which cannot be controlled via ACLs.

  • Another way of granting special permissions to individual users is through specific permission settings per user. These can give permission to create buckets, permission to delete buckets and S3 superuser permissions to override ACLs in a bucket.

    Note

    These permission settings are overridden by any conflicting statements in any identity policies that are attached to the user or to a group to which the user belongs.

    To grant these permissions through the VAST Web UI , see Managing S3 User Access from the VAST Web UI. Managing S3 User Access from the VAST Web UI

    To grant these permission through the VAST CLI, see Managing S3 Access from the VAST CLI.Managing S3 Access from the VAST CLI

Related articles
  • Managing User S3 Permissions
    VAST Cluster > Version 5.1 > VAST Cluster 5.1 Administrator's Guide > Managing Access Protocols > S3 Object Storage Protocol > Managing S3 User Permissions
  • Managing User S3 Permissions
    VAST Cluster > Version 5.2 > VAST Cluster 5.2 Administrator's Guide > Managing Access Protocols > S3 Object Storage Protocol > Managing S3 User Permissions
  • Managing User S3 Permissions
    VAST Cluster > Version 5.3 > VAST Cluster 5.3 Administrator's Guide > Managing Access Protocols > S3 Object Storage Protocol > Managing S3 User Permissions