- Notes, cautions, and warnings
- Revision history
- About using this guide
- Overview
- Getting Started with ObjectScale
- IAM accounts and account entities
- Introduction to Identity and Access Management
- Accounts
- New Accounts
- View the summary of an account
- Edit Account
- Enable or Disable an Account
- Delete an account
- Users
- Groups
- Roles
- Policies
- Create a new customer-managed policy
- Edit a customer-managed policy
- Delete a customer-managed policy
- Attach a policy to an account entity
- Detach a policy from an account entity
- Attach a permission boundary to an account entity
- Detach a permission boundary from an account entity
- Actions in IAM Policy
- Principal types in IAM Policies
- Identity Provider
- Root Access Keys
- Notification Destinations
- Object stores
- About ObjectScale object stores
- Creating a new object store
- Edit the settings of an object store
- Delete an object store
- View the Summary of an object store
- View the Dashboard of an Object Store
- Understand object store space reclamation
- Set capacity alerts for an object store
- Add additional accounts to an object store
- Edit an account values for an object store
- Remove an account from an object store
- View the certificates for an object store
- Monitor and manage replication for an object store
- View the health of an object store
- Metrics
- Buckets
- About ObjectScale buckets
- Create a bucket
- Edit a bucket
- View the summary of a bucket
- Delete a bucket
- Configure Bucket Logging
- About bucket policies
- Setting up bucket event notifications
- View the Bucket Summary
- Managing Bucket Replication
- Federate ObjectScale Systems
- ObjectScale Replication
- Platform settings
- Management Users and Roles in ObjectScale
- Authentication Providers in ObjectScale Software Bundle
- ObjectScale Administration
- About the Administration section of the ObjectScale Portal
- Installing and maintaining the health of ObjectScale
- Licensing ObjectScale
- System support
- SAML Service Provider Metadata
- Manage ObjectScale Certificates
- Security settings
- Active sessions
- ObjectScale Upgrades
- ObjectScale 1.3 upgrade considerations
- Upgrade ObjectScale on OpenShift
- Upgrade Considerations for OpenShift Container Platform from 4.12 to 4.13
- Prerequisites for OpenShift Container Platform Upgrade from 4.12 to 4.13
- Upgrade Procedure for OpenShift Container Platform from 4.12 to 4.13
- Upgrade ObjectScale on Software Bundle
- Upgrade ObjectScale on Appliance
- Troubleshooting Object store upgrade status in progress after failed node repair
- ObjectScale Management REST API
- Accessing data with IAM and S3
- ObjectScale IAM overview
- Amazon S3 API support in ObjectScale
- Alerts
- About ObjectScale instance event and issue monitoring
- Monitoring Events, Audits, and Alerts
- CSI-01
- CSI-03
- CSI-05
- DECKS-HC-1000
- DECKS-LIC-1002
- DECKS-LIC-1005
- DECKS-LIC-1006
- DECKS-LIC-1008
- DECKS-LIC-1011
- DECKS-SA-1023
- DECKS-SA-1024
- KAHM-HC-1000
- OBJSC-CO-0000
- OBJSC-CO-0001
- OBJSC-CO-0002
- OBJSC-CO-0003
- OBJSC-CO-0004
- NVMF-1389
- NVMF-1390
- NVMF-1393
- NVMF-1395
- NVMF-1396
- OBJPRECHK-2000
- OBJPRECHK-2001
- OBJPRECHK-2002
- OBJPRECHK-2003
- OBJPRECHK-2004
- OBJPRECHK-2005
- OBJPRECHK-2006
- OBJPRECHK-2007
- OBJPRECHK-2008
- OBJPRECHK-2009
- OBJPRECHK-2010
- OBJPSTCHK-3000
- OBJPSTCHK-3001
- OBJPSTCHK-3002
- OBJPSTCHK-3003
- OBJSC-FED-1001
- OBJSC-IAM-1004
- OBJSC-LIC-0004
- OBJSC-MGR-3000
- OBJSC-MGR-HC-1000
- OBJSC-MON-1111
- OBJSC-MON-1112
- OBJSC-MON-1113
- OBJSC-MON-3002
- OBJSC-MON-3003
- OBJSC-MON-4019
- OBJSC-MON-4020
- OBJSC-MON-4021
- OBJSC-MON-4022
- OBJSC-MON-4025
- OBJSC-MON-4028
- OBJSC-SP-0000
- OBJSC-SP-0001
- OBJSC-SP-0002
- OBJSC-SP-0003
- OBJSC-SP-0004
- OBJSC-TARGET-01
- OBJSOP-1000
- OBJSOP-1001
- OBJSOP-1002
- OBJSOP-1003
- OBJSOP-1004
- OBJSOP-1005
- OBJSOP-1006
- OBJSOP-2001
- OBJSOP-2002
- OBJST-1006
- OBJST-1008
- OBJST-12001
- OBJST-12003
- OBJST-12004
- OBJST-12005
- OBJST-12006
- OBJST-12007
- OBJST-12008
- OBJST-12010
- OBJST-12011
- OBJST-13000
- OBJST-13001
- OBJST-13002
- OBJST-13003
- OBJST-13004
- OBJST-13005
- OBJST-13006
- OBJST-13007
- OBJST-13008
- OBJST-13009
- OBJST-13010
- OBJST-13011
- OBJSTEPUPD-4000
- OBJSTEPUPD-4001
- OBJSTEPUPD-4002
- OBJSTEPUPD-4003
- OBJSTEPUPD-4004
- OBJSTEPUPD-4005
- OBJSTEPUPD–4006
- OBJSTEPUPD–4007
- OBJSTEPUPD–4008
- OBJST-1320
- OBJST-1321
- OBJST-1324
- OBJST-1325
- OBJST-1328
- OBJST-1329
- OBJST-1332
- OBJST-1333
- OBJST-1336
- OBJST-1337
- OBJST-1340
- OBJST-1341
- OBJST-1344
- OBJST-1345
- OBJST-1352
- OBJST-1354
- OBJST-1364
- OBJST-1365
- OBJST-1366
- OBJST-1389
- OBJST-1390
- OBJST-1392
- OBJST-1600
- OBJST-1601
- OBJST-1602
- OBJST-1603
- OBJST-1604
- OBJST-1605
- OBJST-1700
- OBJST-1701
- OBJST-2100
- OBJST-2101
- OBJST-MON-4016
- OBJST-MON-4019
- OBJST-MON-4020
- OBJSTORE-HC-1000
- OBJUPD-1000
- SNMPNOTI-1000
- TEST TRAP
- Metrics for ObjectScale and object stores
- Maintain ObjectScale
- About ObjectScale service procedures
- About ObjectScale capacity expansion procedures
- About ObjectScale maintenance modes
- Maintenance mode in ObjectScale on OpenShift
- Place a node into temporary maintenance mode (ObjectScale on OpenShift)
- Remove a node from temporary maintenance mode (ObjectScale on OpenShift)
- Place a healthy node into permanent maintenance mode (ObjectScale on OpenShift)
- Place a failed node into permanent maintenance mode (ObjectScale on OpenShift)
- Temporary maintenance mode for ObjectScale Software Bundle
- Maintenance mode in ObjectScale on Appliance
- Disk replacement service procedure
- Perform a node replacement service procedure (ObjectScale on OpenShift)
- Add a node (ObjectScale Software Bundle)
- Remove a node (ObjectScale Software Bundle)
- Prepare a failed node for node hardware or software maintenance (ObjectScale Software Bundle)
- Prepare a healthy node for node hardware or software maintenance (ObjectScale Software Bundle)
- Replace a healthy node within the ObjectScale Software Bundle
- Replace a failed node within the ObjectScale Software Bundle
- Add a node (ObjectScale Appliance)
- Node Replacement on ObjectScale Appliance
- Node Repair on ObjectScale Appliance
- Failed Node Repair on ObjectScale Appliance
- View service procedure status
- Updating iDRAC IPs Using Server Patch API for ObjectScale Appliance
- Shutting Down and Restarting ObjectScale
- About ObjectScale service procedures
Dell ObjectScale 1.3 Administration Guide
List of protected actions
When PAAS is enabled, the following predefined actions require approval by an Approver User.
PAAS privileged actions
The following actions require approval when PAAS is enabled, regardless of whether Platform Protection and Account Protection modes are enabled or disabled.
| Action | Description | Resource (for API) | Required role of Management User who submits the request |
|---|---|---|---|
| Create Approval User. | Adding new Approver Users after the initial two Approver Users requires approval.
NOTE:The first two Approver Users are created before PAAS is enabled and do not need approvals.
|
paas | security_admin |
| Delete Approval User. | Deleting any Approver User requires approval. | paas | security_admin |
| Enable Platform Protection Mode. | Enabling Platform Protection Mode requires approval. See the next table for a list of additional actions that require approval when Platform Protection is enabled. | paas | security_admin |
| Disable Platform Protection Mode. | Disabling Platform Protection requires approval. | paas | security_admin |
| Reset an Approver User password. | If an Approver User forgets a password, a Management User with security_admin role can reset the password. This action requires approval.
NOTE:Approver Users can change their own passwords without approval.
|
paas | security_admin |
Platform Protection Mode privileged actions
The following additional actions require approval when Platform Protection Mode is enabled.
| Action | Description | Resource (for API) | Required role of Management User who submits the request |
|---|---|---|---|
| Escalate permission. | The escalate permission command requires approval. This command allows the user to open a shell-like environment at the operating system level on the ObjectScale Appliance. | platform | operations_admin |
Account Protection Mode privileged actions
Account Protection is enabled individually per account. When Account Protection is enabled on an account, the following actions require approval.
| Action | Description | Resource (for API) | Required role of Management User who submits the request |
|---|---|---|---|
| Disable account protection. | Enabling protection on an account does not require approval, but disabling the protection after it is enabled does require approval. | iam | operations_admin |
| Configure bucket locks. | Change bucket lock configurations. | objControl |
operations_admin |
| Configure Object Lock. | Change Object Lock configurations. | s3 |
operations_admin |
| Configure object retention. | Reduce retention periods on Object Locks with a GOVERNANCE mode lock.
NOTE:The initial setting and changes to increase the retention period are not protected actions.
NOTE:It is not possible to change the configuration on a COMPLIANCE mode lock. A PAA request for a COMPLIANCE mode override does not work.
|
s3 |
operations_admin |
| Delete with retention override . | Delete objects under retention with a GOVERNANCE mode lock.
NOTE:It is not possible to override a COMPLIANCE mode lock. A PAA request for a COMPLIANCE mode override does not work.
|
s3 |
operations_admin |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\