Tenant Users in Cloud Director OSE Can Modify and Delete Any Bucket Within Their Organization
Article ID: 414418

Updated On:

Products

VMware Cloud Director

Issue/Introduction

In VMware Cloud Director Object Storage Extension (OSE), all tenant users within the same organization are granted full access to all buckets, regardless of individual ownership. Attempts to enforce restrictions using Access Control Lists (ACLs) are ineffective.

Environment

Cloud Director 10.6.X
Object Storage Extension 3.1

Cause

Access Control Lists (ACLs) are being deprecated on some storage platforms. Whether this feature is available depends on support in the underlying storage platform. For more information, consult your storage vendor.

Resolution

To manage access effectively, it is now recommended to use bucket policies, which provide more robust and flexible permission controls. For more information, see Bucket Policies at the link below:

Bucket Policies
https://techdocs.broadcom.com/us/en/vmware-cis/cloud-director/object-storage-extension/3-1/using-vmware-vcloud-director-object-storage-extension-as-a-tenant-user-3-1/working-with-buckets/sharing-buckets.html#GUID-84597742-492B-4017-A11F-10B94CB0BCF7-en
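
The following is an added example, not taken from this article or from the OSE documentation. It builds a policy that denies modify and delete actions to everyone except the listed owners, then checks the result locally before the policy is applied. It assumes OSE accepts AWS S3-style bucket policy JSON (including `NotPrincipal`) and evaluates it with explicit Deny taking precedence. The bucket name and principal identifiers are constructed placeholders, so confirm the principal format and supported elements on the Bucket Policies page above.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholders: not real OSE identifiers or an OSE principal format.
OWNER = "arn:aws:iam:::user/EXAMPLE-OWNER"
OTHER = "arn:aws:iam:::user/EXAMPLE-COLLEAGUE"
# AWS S3 action names that modify or delete a bucket, its objects or its policy.
DESTRUCTIVE = ["s3:DeleteBucket", "s3:DeleteObject", "s3:PutObject",
               "s3:PutBucketPolicy", "s3:DeleteBucketPolicy"]

def owner_only_policy(bucket, owners):
    """Build a policy that denies DESTRUCTIVE actions to everyone but owners."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyModifyDeleteForNonOwners",
        "Effect": "Deny",
        "NotPrincipal": {"AWS": sorted(owners)},
        "Action": DESTRUCTIVE,
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(stmt, principal):
    if "NotPrincipal" in stmt:
        return principal not in _as_list(stmt["NotPrincipal"].get("AWS", []))
    listed = stmt.get("Principal", {})
    if listed == "*":
        return True
    listed = _as_list(listed.get("AWS", []))
    return "*" in listed or principal in listed

def is_allowed(policy, principal, action, baseline_allow=True):
    """Explicit Deny wins, then explicit Allow, else the baseline.
    baseline_allow=True models the org-wide access the article describes.
    Resource matching is omitted because the policy covers a single bucket."""
    decision = baseline_allow
    for stmt in policy.get("Statement", []):
        if not _principal_matches(stmt, principal):
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision

if __name__ == "__main__":
    policy = owner_only_policy("example-bucket", [OWNER])
    print(json.dumps(policy, indent=2))
    for who in (OWNER, OTHER):
        print(who, "may delete bucket:", is_allowed(policy, who, "s3:DeleteBucket"))
```

Because the statement also denies `s3:PutBucketPolicy` to non-owners, list every principal who must be able to change the policy later, or the bucket can only be recovered by an administrator.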