Confusion about concepts like account, user, group, reseller, admin
I am new to Swift, and I am quite confused about some concepts here.
I've successfully installed Swift 1.4.3 on Ubuntu 10.04, but I have too many questions about the administration work for Swift.
For the auth subsystem I also tried both tempauth and swauth 1.0.2.
1. account and user
It seems that when you create a user, you also need to specify an account for that user,
for example,
if I use tempauth, I have to write in the proxy-server.conf something like
the format is actually :
Similarly, if I use swauth
I don't understand the relation between the account and user.
It seems to me that we can have multiple users under one account.
So, does every account have its own namespace for usernames? I mean, can users in different accounts have the same username?
What's the difference between users in the same account and users in different accounts?
Is there some access rule for that?
From the OpenStack Object Storage administrator manual,
I quote here:
"Generally speaking, each user has their own storage account and has full access to that account. Users must authenticate with their credentials as described above, but once authenticated they can create/delete containers and objects within that account. The only way a user can access the content from another account is if they share an API access key or a session token provided by your authentication system."
I am confused: should I give each user a different account, or can we let users share one account?
And if users share one account, what are their permissions on the containers and objects created by others who are in the same account with them?
The confusion about user access permissions in one account leads to my second question.
2. How do I implement ACL rules for users?
I have read the developer API document, and I found nothing about ACLs in it.
I did find something about setting ACL rules with "swift post -r -w "
but it doesn't explain the format for the ACL rules
the guide on http://
so maybe I should use it with the " swift post -r / -w " ?
Since the swift CLI is built on the Swift RESTful API, I think there should be some way I can directly use the RESTful API to set ACL rules for both containers and objects, right?
So, I guess I must have missed some documents about this kind of API; please help me find them.
3. about reseller, admin
In both swauth and tempauth, when you create a user, you can make the user a reseller admin or account admin.
in tempauth: user_<account>
group can be .reseller_admin .admin
in swauth: swauth-add-user [options] <account> <user> <password> with -a or -r option
I got this from the proxy-server.
# .reseller_admin= can do anything to any account for this auth
# .admin = can do anything within the account
And in swauth, there is this super_admin; it is the site admin, right?
So does a reseller admin have the same permissions as the site admin?
4. about group
So, what exactly does group mean in Swift?
Are reseller admin and account admin both some kind of group in Swift?
I notice that the swauth API doc also mentions 'group' in the section "user service -> Get User Details"
Are there other groups I can use besides reseller admin and account admin? Or can I just define some groups myself?
How can I use the group and how does it affect users?
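
The account, user and group relationship asked about above can be read directly out of a tempauth section. The following is an added example, not part of the original post or of Swift itself: it assumes the entry format from Swift's sample proxy-server.conf, `user_<account>_<user> = <key> [group] [group] [...] [storage_url]`, and reports which of the two admin groups quoted in the post each user holds. The function name `audit_tempauth` and all accounts, users and keys are constructed for illustration.

```python
import configparser

# Constructed sample; accounts, users and keys are made up for illustration.
SAMPLE_CONF = """
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = adminkey .admin .reseller_admin
user_test_tester = testing .admin
user_test_tester3 = testing3
user_test2_tester = testing2 projectx
"""


def audit_tempauth(conf_text, section="filter:tempauth"):
    """Return (account, user, scope, other_groups) for each tempauth user.

    audit_tempauth is a hypothetical helper, not part of Swift.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep option names case-sensitive
    parser.read_string(conf_text)
    report = []
    for option, value in parser.items(section):
        parts = option.split("_")
        # Entries are named user_<account>_<user>; skip everything else.
        if len(parts) != 3 or parts[0] != "user" or not value.split():
            continue
        _, account, user = parts
        groups = value.split()[1:]  # first field is the key (password)
        if groups and "://" in groups[-1]:
            groups = groups[:-1]  # optional trailing storage URL
        if ".reseller_admin" in groups:
            scope = "any account"  # "can do anything to any account"
        elif ".admin" in groups:
            scope = "own account"  # "can do anything within the account"
        else:
            scope = "no admin group"
        others = [g for g in groups if not g.startswith(".")]
        report.append((account, user, scope, others))
    return report


if __name__ == "__main__":
    for account, user, scope, others in audit_tempauth(SAMPLE_CONF):
        print(f"{account}:{user:<8} {scope:<15} {others}")
```

In the constructed sample, `tester` appears under both `test` and `test2` as two separate entries, and `projectx` is a group name that is neither of the two admin groups.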