Copyright © 2010 Caringo, Inc.
All rights reserved 15
4.3. Security Privileges for Administrative Operations
The following table shows the privileges required to perform administrative operations in a domain,
bucket, or in the objects contained by them.
Operation Privilege required
Create tenants CAStor administrator only. This realm is defined by
the administrators parameter in your node or cluster
configuration file. For more information, see Section 6.2,
“Managing DX Storage Administrators and Users”.
Manage realms (that is, user lists) put, post, or change in the domain or bucket.
The user list for the domain is administered by the domain
User lists for buckets are administered by authorized
users in the domain.
Create buckets in a domain. post in the domain.
The Admin Console enables you to set post permissions
as "protection settings" for the domain.
Each protection setting is specified as a
Castor-Authorization header in the form:
_administrators, post=domain-name, where the
domain in post=domain-name is blank if you choose
the "all users" protection setting.
Create named objects in a bucket post in the bucket