Users have roles on accounts. For example, a user with the admin role has full access to all containers and objects in an account. You can set access control lists (ACLs) at the container level and support lists for read and write access, which you set with the X-Container-Read and X-Container-Write headers.
To give a user read access, use the swift post command with the -r parameter. To give a user write access, use the -w parameter.
The following example enables the testuser user to read objects in the container:
$ swift post -r 'testuser'
You can also use this command with a list of users.
If you use StaticWeb middleware to enable Object Storage to serve public web content, use .r:, followed by a list of allowed referrers.
The following command gives object access to all referring domains:
$ swift post -r '.r:*'
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.