- Notes, cautions, and warnings
- Revision history
- About using this guide
- Overview
- Getting Started with ObjectScale
- IAM accounts and account entities
- Introduction to Identity and Access Management
- Accounts
- New Accounts
- View the summary of an account
- Edit Account
- Enable or Disable an Account
- Delete an account
- Users
- Groups
- Roles
- Policies
- Create a new customer-managed policy
- Edit a customer-managed policy
- Delete a customer-managed policy
- Attach a policy to an account entity
- Detach a policy from an account entity
- Attach a permission boundary to an account entity
- Detach a permission boundary from an account entity
- Actions in IAM Policy
- Principal types in IAM Policies
- Identity Provider
- Root Access Keys
- Notification Destinations
- Metrics
- Object stores
- About ObjectScale object stores
- Creating a new object store
- Edit the settings of an object store
- Delete an object store
- View the Summary of an object store
- View the Dashboard of an object store
- Set capacity alerts for an object store
- Add additional accounts to an object store
- Edit an account values for an object store
- Remove an account from an object store
- View the certificates for an object store
- Monitor and manage replication for an object store
- View the health of an object store
- Metrics
- Buckets
- Federate ObjectScale Systems
- ObjectScale Replication
- Management Users and Roles in ObjectScale Software Bundle
- Authentication Providers in ObjectScale Software Bundle
- Maintain ObjectScale
- ObjectScale Management REST API
- Accessing data with IAM and S3
- ObjectScale IAM overview
- Amazon S3 API support in ObjectScale
- Alerts
- About ObjectScale instance event and issue monitoring
- Monitoring Events, Audits, and Alerts
- CSI-01
- CSI-03
- CSI-05
- DECKS-HC-1000
- DECKS-LIC-1002
- DECKS-LIC-1005
- DECKS-LIC-1006
- DECKS-LIC-1008
- DECKS-LIC-1011
- DECKS-SA-1023
- DECKS-SA-1024
- KAHM-HC-1000
- NVMF-1389
- NVMF-1390
- NVMF-1393
- NVMF-1395
- OBJSC-FED-1001
- OBJSC-IAM-1004
- OBJSC-LIC-0004
- OBJSC-MGR-3000
- OBJSC-MGR-HC-1000
- OBJSC-MON-1111
- OBJSC-MON-1112
- OBJSC-MON-1113
- OBJSC-MON-3002
- OBJSC-MON-3003
- OBJSC-MON-4019
- OBJSC-MON-4020
- OBJSC-MON-4021
- OBJSC-MON-4022
- OBJSC-MON-4025
- OBJSC-MON-4028
- OBJSC-SP-0000
- OBJSC-SP-0001
- OBJSC-SP-0002
- OBJSC-SP-0003
- OBJSC-SP-0004
- OBJSC-TARGET-01
- OBJSOP-1000
- OBJSOP-1001
- OBJSOP-1002
- OBJSOP-1003
- OBJSOP-1004
- OBJSOP-1005
- OBJSOP-1006
- OBJSOP-2001
- OBJSOP-2002
- OBJST-1006
- OBJST-1008
- OBJST-12001
- OBJST-12003
- OBJST-12004
- OBJST-12005
- OBJST-12006
- OBJST-12007
- OBJST-12008
- OBJST-13000
- OBJST-13001
- OBJST-13002
- OBJST-13003
- OBJST-13004
- OBJST-13005
- OBJST-13006
- OBJST-13007
- OBJST-13008
- OBJST-13009
- OBJST-13010
- OBJST-13011
- OBJST-1320
- OBJST-1321
- OBJST-1324
- OBJST-1325
- OBJST-1328
- OBJST-1329
- OBJST-1332
- OBJST-1333
- OBJST-1336
- OBJST-1337
- OBJST-1340
- OBJST-1341
- OBJST-1344
- OBJST-1345
- OBJST-1352
- OBJST-1354
- OBJST-1364
- OBJST-1365
- OBJST-1366
- OBJST-1389
- OBJST-1390
- OBJST-1392
- OBJST-1600
- OBJST-1601
- OBJST-1602
- OBJST-1603
- OBJST-1604
- OBJST-1605
- OBJST-1700
- OBJST-1701
- OBJST-2100
- OBJST-2101
- OBJST-MON-4016
- OBJST-MON-4019
- OBJST-MON-4020
- OBJSTORE-HC-1000
- SNMPNOTI-1000
- TEST TRAP
- Metrics for ObjectScale and object stores
- Troubleshooting and service procedures
- About the ObjectScale service pod
- Collecting troubleshooting logs
- About ObjectScale service procedures
- About ObjectScale capacity expansion procedures
- About ObjectScale maintenance modes
- Maintenance mode in ObjectScale on OpenShift
- Place a node into temporary maintenance mode (ObjectScale on OpenShift)
- Remove a node from temporary maintenance mode (ObjectScale on OpenShift)
- Place a healthy node into permanent maintenance mode (ObjectScale on OpenShift)
- Place a failed node into permanent maintenance mode (ObjectScale on OpenShift)
- Temporary maintenance mode for ObjectScale Software Bundle
- Maintenance mode in ObjectScale on OpenShift
- Disk replacement service procedure
- Perform a node replacement service procedure (ObjectScale on OpenShift)
- Add a node (ObjectScale Software Bundle)
- Remove a node (ObjectScale Software Bundle)
- Prepare a failed node for node hardware or software maintenance (ObjectScale Software Bundle)
- Prepare a healthy node for node hardware or software maintenance (ObjectScale Software Bundle)
- Replace a healthy node within the ObjectScale Software Bundle
- Replace a failed node within the ObjectScale Software Bundle
- View service procedure status
Dell EMC ObjectScale 1.2.x Administration Guide
Introduction to Identity and Access Management
In ObjectScale, Identity and Access Management (IAM) a shared service within a single ObjectScale instance used to manage Accounts and the Account's IAM entities.
IAM provides an AWS-compatible authentication and authorization mechanism that are availed by other ObjectScale services such as:
- Datahead (S3)
- Geoservice
- Object store management service
In this release the top-most level of the ObjectScale IAM hierarchy is an Account. Several Accounts can be defined within a single ObjectScale instance. When an IAM account is added to an object store, that account becomes a tenant within that object store. A tenant is a logical construct resulting from the binding of the IAM account to the object store.
Every Account has a globally unique identifier assigned to it by the IAM service at the time of creation. An IAM Account contains other IAM entities like Users, Groups, Roles, Policies, and Service Providers associated with it. You cannot create or modify an Account to have another Account associated with it.
NOTE: ECS Object users are not supported in ObjectScale.
In ObjectScale, each account consists of replicated IAM entities and ObjectScale local IAM entities. Local IAM entities remain local within the ObjectScale instance and are not replicated. Global entities are replicated to other ObjectScale instances. Replicated IAM entities and ObjectScale local IAM entities have separate APIs.
The ObjectScale instance where the Account was created initially owns that Account and is known as the Account Owner. That account is a primary account on that ObjectScale instance. Within ObjectScale there can be only one Account Owner for any given Account and its underlying IAM entities.
Multiple ObjectScale instances can be connected to each other forming an ObjectScale Federation. Within this federation all ObjectScale instances have a trust relationship established with each other. Any Federation member knows about other Federation members through ObjectScale Federation Service. Any Federation member knows about all existing Accounts across the Federation, i.e. there is a shared Account Registry. When a primary IAM account is replicated from its ObjectScale instance to another ObjectScale instance(s) within the federation, it becomes a secondary on these other ObjectScale instances. For more information about federating ObjectScale instances, see Federate ObjectScale Systems.
An Account can be changed by an authorized user. The user can add, update, or delete any of the entities associated with that account. However, such operations must always be performed on the ObjectScale instance that owns the Account. When the IAM entity is changed, the effects of those changes may not take effect immediately.
If a user tries to change an Account from an ObjectScale that doesn't own that Account, the user will get HTTP 301 or 308 message along with the URL that corresponds to the Account Owner.
The ObjectScale Management Rest API ZIP file with the supported IAM APIs at available on the Drivers & Downloads tab of your model and version (https://www.dell.com/support/home/en-us/product-support/product/objectscale-product-family/overview).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\