
The Vault system supports these additional canned ACLs:

| Canned ACL | Applies to | Permissions added to ACL |
|---|---|---|
| group-read | Bucket and object | Owner gets FULL_CONTROL. All other members of the owner’s Vault service user group get READ access. |
| group-read-write | Bucket and object | Owner gets FULL_CONTROL. All other members of the owner’s Vault service user group get READ and WRITE access. |

Note: To grant access to groups other than the requester’s own group, you cannot use canned ACLs. Instead, when using standard Amazon S3 methods for assigning privileges to a grantee (via request headers or request body), specify "<groupID>|" as the grantee. The "<groupID>|" format (with vertical bar) indicates that the grantee is a group — for example, "Group5|".

Note: When access privileges have been granted through separate requests to a group and to a specific member of that group, the user gets the broader of the privilege grants. For example, if Group5 is granted read-write privileges and a specific user within Group5 is separately granted read privileges, the user gets read-write privileges.
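When auditing an ACL, the two notes above combine into a single effective-access calculation. The following is an added example, not Vault code: the (grantee, permission) tuples, the function names and the sample IDs are hypothetical, and "broader" is modeled as the union of all matching grants.

```python
# Added example: models the grantee and "broader grant" rules from the notes.
# The data layout and names are assumptions, not Vault's API.
FULL_CONTROL = "FULL_CONTROL"
ALL_PERMS = {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}  # standard S3 set
CANNED_GROUP_PERMS = {  # taken from the canned ACL table
    "group-read": {"READ"},
    "group-read-write": {"READ", "WRITE"},
}

def expand_canned(canned_acl, owner_id, owner_group):
    """Turn a canned ACL into explicit (grantee, permission) grants."""
    grants = [(owner_id, FULL_CONTROL)]
    for perm in sorted(CANNED_GROUP_PERMS[canned_acl]):
        grants.append((owner_group + "|", perm))  # trailing bar marks a group
    return grants

def grantee_matches(grantee, user_id, user_group):
    """A grantee ending in '|' names a group; anything else names one user."""
    if grantee.endswith("|"):
        return grantee[:-1] == user_group
    return grantee == user_id

def effective_permissions(grants, user_id, user_group):
    """Union of every grant that reaches the user directly or via the group."""
    perms = {p for g, p in grants if grantee_matches(g, user_id, user_group)}
    if FULL_CONTROL in perms:
        perms |= ALL_PERMS
    return perms

# Constructed sample: Group5 has read-write, user "alice" separately has read.
SAMPLE_GRANTS = [("Group5|", "READ"), ("Group5|", "WRITE"), ("alice", "READ")]

if __name__ == "__main__":
    # alice is in Group5, so the group grant widens her access to read-write.
    print(sorted(effective_permissions(SAMPLE_GRANTS, "alice", "Group5")))
    # A user outside Group5 gets nothing from these grants.
    print(sorted(effective_permissions(SAMPLE_GRANTS, "bob", "Group7")))
    # A user whose ID is literally "Group5" does not match the group grantee.
    print(sorted(effective_permissions(SAMPLE_GRANTS, "Group5", "Group9")))
```

Because a narrower per-user grant does not restrict a member of a group that holds a broader one, review group grants first when checking who can write to a bucket or object.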

 
