Authorization and Authentication

System -> User Management -> Container

Privileged access to containers is managed on a per-container basis. This page displays the list of available users and groups. This is also where the authentication mode can be defined.

The rights and privileges of data stored in the container follow these rules:

  • When a Workflow copies data into a Container, the rights and privileges of the original data are kept. The Container user permissions must therefore be configured correctly so that these users are authorized to access their files.

  • If end users copy files into a Container using the SMB protocol, the rights are those defined in the Container access settings, that is, the rights granted by the Container and its associated permission schema.

Three types of authorization and authentication are available to access a Container:

  1. Local users and groups

  2. Active Directory

  3. LDAP

Configure the Authentication Services

Local users only

The default configuration is to use local user and group settings. The other two options connect to either an Active Directory or an LDAP service.

Active Directory

The configuration allows the definition of an Active Directory connection. Validate all settings before saving them using the "Test connection" button. The "Save" button will confirm the connection to the selected Active Directory server and will join the Nodeum server to the Active Directory domain.

LDAP

This last configuration allows you to define a connection to an LDAP service. Validate all the settings before saving them by pressing the "Test Connection" button. The "Save" button confirms the connection to the selected LDAP server.

Create local User & Group

Click the '+' button to add a new user:

A modal then appears. Complete the information and save it:

  • User Name: Name of the User you would like to create.

  • Password: Password for this User.

  • Confirm Password: Retype the password to confirm it.

  • Optional: Select the group you want this user associated with.

To create a new group, go to the corresponding "group" tab.

A modal then appears. Complete the information and save it:

  • Group Name: Name of the Group you would like to create.

  • Select the user(s) you want to include in this group.

Generate S3 policy for a local User

It is possible to generate an S3 policy for any defined local user to enable S3 access to a container.

First create the user as described in the previous section. Then edit the user and follow these steps:

This panel shows the URL and credentials required to access the S3 object storage console. Copy the generated S3 policy to your clipboard.

Then open the MinIO Console URL and log in with the Root User and Root Password shown. In the Access menu, create a new policy and paste the policy from the clipboard.

Then, create a user, define your own password, and attach the defined policy to this user.

Once done, you are ready to access the Container through S3 with the user you have created. By default, S3 access to the Container uses port 9000.
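Before pasting a policy into the MinIO Console, it can be checked for scope. The following is an added example, not part of the Nodeum product or documentation: it audits an IAM-style policy document (the JSON format MinIO policies use) and reports any Allow statement that reaches beyond one bucket. It assumes the Container is exposed as a bucket of the same name; the sample policy and the name "container1" are constructed placeholders.

```python
import json

# Constructed sample in the IAM-style JSON that MinIO policies use.
# The bucket name "container1" is a placeholder, not a value from the product.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::container1", "arn:aws:s3:::container1/*"]
  }]
}"""

def _as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy_text, bucket):
    """Return findings; an empty list means every Allow is limited to `bucket`."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for n, stmt in enumerate(_as_list(json.loads(policy_text).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"statement {n}: {key} in an Allow grants everything else")
        for action in _as_list(stmt.get("Action")):
            if action == "*" or not action.lower().startswith("s3:"):
                findings.append(f"statement {n}: non-S3 or wildcard action {action!r}")
            elif action.lower() == "s3:*":
                findings.append(f"statement {n}: all S3 actions allowed, review")
        for resource in _as_list(stmt.get("Resource")):
            if resource not in allowed:
                findings.append(f"statement {n}: resource outside container: {resource!r}")
    return findings

if __name__ == "__main__":
    report = audit_policy(SAMPLE_POLICY, "container1")
    for line in report or ["policy is scoped to container1"]:
        print(line)
```
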

Define the rights and privileges

With any of these authentication types, it is possible to define the rights and privileges of each user. This authorizes access to the container.

To set this authorization:

  • Go to Container and choose it.

  • Select “User”, then choose the edit button among the 3 buttons. There you define the rights (Read/Write, Read Only, or no access).
