Dell DX6004S DX Object Storage Application Guide - Page 51

Authorization Specification Examples


Copyright © 2010 Caringo, Inc. All rights reserved. Version 5.0, December 2010.

Make sure you use consistent URIs when you are accessing unnamed objects with the Castor-Authorization header.

12.3.1. About Realm Names

The following topics discuss the syntax you must use for realm-name in the authorization specification:

• Section 12.3.1.1, “About Realms and Buckets”
• Section 12.3.1.2, “About owner@ and @owner Syntax”
• Section 12.3.1.3, “About user@realm Syntax”

12.3.1.1. About Realms and Buckets

To specify a realm for a bucket, the realm name must exactly match the fully qualified name of the bucket. You must use the format domain-name/bucket-name; for example, cluster.example.com/mybucket.

12.3.1.2. About owner@ and @owner Syntax

You can use the following names to grant privileges to the realm owner or to all users in the owner's realm. (The owner is the user who created the object.)

Note: You must specify realm owner names exactly as shown in the following table. You cannot prepend or append anything to them.

User name syntax    Meaning
owner@              Only the user who created or last modified the bucket or object can perform the specified operation.
@owner              Any user in the same realm as the bucket or object owner can perform the specified operation.

12.3.1.3. About user@realm Syntax

To assign privileges to a specific user, use the format user-name@realm. For example, to grant privileges on an object only to the user john.smith in the realm cluster.example.com, use john.smith@cluster.example.com.

If you omit realm, DX Storage looks for the user in the object owner's realm. (The object owner is the user who created or last modified the object.)

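The naming rules of Section 12.3.1, worked through as an added example; this is not code from the guide or from DX Storage. Principal, matches and the user jane.doe are hypothetical, and the exact string comparison of user and realm names is an assumption of this sketch.

```python
from typing import NamedTuple


class Principal(NamedTuple):
    """A requester or object owner (hypothetical model, not a DX Storage type)."""
    user: str
    realm: str


def matches(entry: str, requester: Principal, owner: Principal) -> bool:
    """True if `entry` from an authorization specification names `requester`.

    Models only the naming rules of Section 12.3.1, not the header
    evaluation that the guide describes in Section 12.5.
    """
    # Reserved names count only when written exactly: nothing prepended,
    # nothing appended, so no trimming or case folding is applied here.
    if entry == "owner@":
        return requester == owner                # the owner alone
    if entry == "@owner":
        return requester.realm == owner.realm    # anyone in the owner's realm
    user, sep, realm = entry.partition("@")
    if not user or (sep and not realm):
        raise ValueError(f"malformed principal: {entry!r}")
    if not sep:
        realm = owner.realm                      # realm omitted: owner's realm
    return requester == Principal(user, realm)   # exact comparison (assumed)


# Constructed sample principals; jane.doe is hypothetical, the realm and
# bucket names are the guide's own examples.
OWNER = Principal("john.smith", "cluster.example.com")
PEER = Principal("jane.doe", "cluster.example.com")
BUCKET_USER = Principal("john.smith", "cluster.example.com/mybucket")

if __name__ == "__main__":
    for entry, who in [
        ("owner@", PEER),             # PEER is not the owner
        ("@owner", PEER),             # same realm as the owner
        ("@owner", BUCKET_USER),      # bucket realm string differs
        ("john.smith", BUCKET_USER),  # realm defaults to the owner's
        ("john.smith@cluster.example.com/mybucket", BUCKET_USER),
    ]:
        print(f"{entry!r:45} {who.user}@{who.realm}: {matches(entry, who, OWNER)}")
```

The owner is an input to every check: @owner covers the owner's whole realm, and a name written without a realm is looked up in whichever realm the object owner belongs to.
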
12.4. Authorization Specification Examples

This example discusses various ways to create buckets and named objects with authorization. For more detailed information about Castor-Authorization header evaluation, see Section 12.5, “About Authorization Header Evaluation”.

Valid examples: