In such case, you will need to use the account management.
Please note that you can automate all the management operations by using lambda functions. Please contact our firstname.lastname@example.org for help.
- Administrator account - Administrator is allowed to log in to NooBaa web management console. The administrator is responsible for resource management and can add storage nodes, cloud resources, etc. An administrator can also manage the permissions across the system. An administrator has email and password credentials in addition to AWS S3 compatible access key and secret key.
- Application account - An application has only AWS S3 compatible API access to the one or more buckets that were assigned to this account by an administrator. Any new bucket that the application will create, will be visible only to this application account. Application account has only AWS compatible S3 access key and secret key credentials.
An example of onboarding a new customer:
- Navigate to Accounts
- An Administrator creates a new "Application Account" for that customer, with Login Access: disabled). [screenshot]
- [Optionally] the administrator can create a bucket for the customer and enable access to this bucket. Alternatively, the customer will create his own bucket. [screenshot]
- The customer will get his AWS S3 compatible credentials and NooBaa's endpoint via email and will use it with his S3 application. Any application that can work with AWS should work with NooBaa. Same for AWS CLI, S3cmd, and any AWS SDK. [screenshot]
- When the customer's application requests to list available buckets, that list will return empty at first, since that account has no access to any bucket. The list-buckets request will always filter based on permissions.
- When the application creates a new bucket through the S3 API, any such bucket created by the application will automatically be granted access permission only to that application account. Alternatively, an administrator can also create buckets and grant access permissions to a specific application account.