Available actions per role
Object Storage roles support the following actions:| Action | storage.object-viewer | storage.object-lister | storage.editor | storage.viewer | storage.uploader | storage.object-editor |
|---|---|---|---|---|---|---|
GetObject | ✓ | — | ✓ | ✓ | — | ✓ |
HeadObject | ✓ | — | ✓ | ✓ | — | ✓ |
PutObject | — | — | ✓ | — | ✓ | ✓ |
DeleteObject | — | — | ✓ | — | — | ✓ |
DeleteObjects | — | — | ✓ | — | — | ✓ |
ListObjectsV2 | — | ✓ | ✓ | ✓ | — | ✓ |
ListObjects | — | ✓ | ✓ | ✓ | — | ✓ |
ListObjectVersions | — | ✓ | ✓ | ✓ | — | ✓ |
CreateMultipartUpload | — | — | ✓ | — | ✓ | ✓ |
CompleteMultipartUpload | — | — | ✓ | — | ✓ | ✓ |
AbortMultipartUpload | — | — | ✓ | — | ✓ | ✓ |
ListMultipartUploads | — | — | ✓ | ✓ | ✓ | ✓ |
UploadPart | — | — | ✓ | — | ✓ | ✓ |
UploadPartCopy | — | — | ✓ | — | ✓ | ✓ |
CopyObject | — | — | ✓ | — | ✓ | ✓ |
PostObject | — | — | ✓ | — | ✓ | ✓ |
HeadBucket | — | — | ✓ | ✓ | ✓ | — |
CreateBucket | — | — | ✓ | — | — | — |
GetBucketLifecycleConfiguration | — | — | ✓ | ✓ | ✓ | — |
PutBucketLifecycleConfiguration | — | — | ✓ | — | — | — |
PutBucketCORS | — | — | ✓ | — | — | — |
PutBucketVersioning | — | — | ✓ | — | — | — |
GetBucketVersioning | — | — | ✓ | ✓ | ✓ | — |
GetBucketLocation | — | — | ✓ | ✓ | ✓ | — |
CopyObject and UploadPartCopy actions require roles that have both Download and Upload permissions.
For example, to be able to copy an object, the user needs to have one of the following roles or combinations of roles:
storage.viewer+storage.uploaderstorage.object-viewer+storage.uploaderstorage.editorstorage.object-editor