Dell DX6000 Application Manual
Download Application manual of Dell DX6000 Desktop, Server for Free or View it Online on All-Guides.com.
Brand: Dell
Category: Desktop , Server , Software , Storage
Type: Application manual
Model: Dell DX6000 , Dell DX6004S , Dell DX6012S
Pages: 81 (0.65 Mb)
Copyright © 2010 Caringo, Inc.
All rights reserved 47
Version 5.0
December 2010
• Castor-Authorization: cluster.example.com/mybucket enables only users in the
cluster.example.com/mybucket realm to perform operations on an object. All other users
are prevented from performing any operation on the object.
• Castor-Authorization: view=cluster.example.com,
change=cluster.example.com/mybucket enables users in the cluster.example.com/
mybucket realm to change the object but any user in the cluster.example.com realm to view
the object.
• Castor-Authorization: view=cluster.example.com,
[email protected] enables only the user named
john.smith in the cluster.example.com realm to change the object but any user in the
cluster.example.com realm can view the object.
• Castor-Authorization: post=cluster.example.com/mybucket,
delete=cluster.example.com/mybucket, get=cluster.example.com, head=
enables users in the cluster.example.com/mybucket realm to post and delete objects. It
allows anyone in the cluster.example.com realm to get objects.
Anyone can head objects without authenticating.
Castor-Authorization: head=, get=cluster.example.com,
post=cluster.example.com/mybucket, delete=cluster.example.com/mybucket is
equivalent to the preceding example.
• Castor-Authorization: post=owner@, change=@owner enables the user who created
the object to post, and any user in the same realm to change the object.
Any user can get or head the object without authenticating.
Non-recommended example: Castor-Authorization: view=cluster.example.com/
mybucket, view=cluster.example.com
Only domain managers have rights to view the object. Users in the cluster.example.com (and
all other realms) have no access to the object. For more information, see the next section.
Additional examples can be found in Chapter 13, Managing Security for Application Developers and
Chapter 14, Managing Security for Domain Managers.
12.5. About Authorization Header Evaluation
If there is more than one authorization header stored with the object, DX Storage first forms a single,
comma-separated list of values. DX Storage then finds a realm in which to authenticate the request
using the requested method name and searches in the following order:
1. If there is a method operation (put, copy, append, get, head, or delete) in one of the
authorization headers that exactly matches (ignoring case) the requested method, that realm
name is chosen and the search terminates.
2. If the requested method is get or head, the search continues using the generic method view. All
other methods (except post) are mapped to the generic method change.
3. If there is a generic operation (view or change) in one of the authorization headers that exactly
matches (ignoring case) the requested generic method, that realm name is chosen and the
search terminates.
4. If there is a default realm name in an authorization header, that realm is chosen.