Dell DX6004S DX Object Storage Administration Guide - Page 18

See one of the following sections for more information about tenants: • Section 4.1, "Terminology Related to Tenant Security" • Section 4.2, "About the Default Cluster Domain" • Section 4.3, "Security Privileges for Administrative Operations" • Section 4.4, "Rules and Recommendations for Managing Tenants" • Section 4.5, "Domain Naming Rules" • Section 4.6, "Adding, Editing, or Deleting Tenants" • Section 4.7, "Other Cluster Administrator Tasks" 4.1. Terminology Related to Tenant Security Following are basic terms related to DX Storage security: • Authorization list: List of SCSP operations that users in a security realm are allowed to execute. The authorization list is specified by the Castor-Authorization header, which is discussed in detail in the DX Object Storage Application Guide. An authorization list can be associated with a domain, bucket, or named object. • User list (also referred to as a security realm or a realm): List of user names and passwords that are hashed using the algorithm defined for Digest Access Authentication. A user list can be associated with a domain or bucket. Domain managers are responsible for managing realms and authorization lists for the domain. You create domain managers as discussed in this chapter. DX Storage uses the following roles to determine who can perform different types of actions in the cluster: • Cluster administrator (that is, you): You are responsible for creating tenants and domain managers; and you are responsible for the overall maintenance, management, and monitoring of the cluster. You maintain the list of cluster administrators using the administrators parameter in the cluster or node configuration file. For more information, see Section 6.2, "Managing DX Storage Administrators and Users". • Domain manager: Maintains the domain manager user list, and determines which realms can create buckets in a domain. Copyright © 2010 Caringo, Inc. All rights reserved 13 Version 5.0 December 2010