NetApp Knowledgebase

StorageGRID S3 bucket policy is not applied correctly when the account root is specified in the Principal element

Applies to

StorageGRID 11.3

Issue

StorageGRID S3 bucket policy is not applied correctly when the account root is specified in the Principal element.
 

Example:

Applying the following policy grants full access to the bucket-test bucket not only to the account root but to all users in tenant account ID 01234567890123456789.

{
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": {
             "SGWS": [
                  "urn:sgws:identity::01234567890123456789:root"
              ]
         },
         "Action": [
             "s3:*"
         ],
         "Resource": [
             "urn:sgws:s3:::bucket-test",
             "urn:sgws:s3:::bucket-test/*"
         ]
      }
   ]
}
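An audit check for the pattern described above, added here as an example and not taken from the NetApp article or from StorageGRID: it parses a bucket policy and reports every Allow statement whose Principal names an account root, so that those grants can be reviewed on affected systems. The function names and the second statement in the sample (the user/alice principal) are constructed for illustration, and only the "SGWS" principal form shown in the article is inspected.

```python
import json
import re

# Account-root principal in the URN form used by the article's policy.
ROOT_URN = re.compile(r"urn:sgws:identity::(\d+):root")

def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_root_principal_grants(policy_text):
    """Return one finding per Allow statement whose Principal names an account root."""
    findings = []
    statements = as_list(json.loads(policy_text).get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        # Only the {"SGWS": [...]} principal form shown in the article is inspected.
        urns = as_list(principal.get("SGWS")) if isinstance(principal, dict) else []
        for urn in urns:
            match = ROOT_URN.fullmatch(urn) if isinstance(urn, str) else None
            if match:
                findings.append({
                    "statement": index,
                    "tenant_account_id": match.group(1),
                    "actions": as_list(stmt.get("Action")),
                    "resources": as_list(stmt.get("Resource")),
                })
    return findings

# Constructed sample: the article's statement plus a made-up single-user statement.
SAMPLE_POLICY = json.dumps({"Statement": [
    {"Effect": "Allow",
     "Principal": {"SGWS": ["urn:sgws:identity::01234567890123456789:root"]},
     "Action": ["s3:*"],
     "Resource": ["urn:sgws:s3:::bucket-test", "urn:sgws:s3:::bucket-test/*"]},
    {"Effect": "Allow",
     "Principal": {"SGWS": "urn:sgws:identity::01234567890123456789:user/alice"},
     "Action": "s3:GetObject",
     "Resource": "urn:sgws:s3:::bucket-test/*"},
]})

if __name__ == "__main__":
    for f in find_root_principal_grants(SAMPLE_POLICY):
        print(f"statement {f['statement']}: root of tenant {f['tenant_account_id']} "
              f"allowed {f['actions']} on {f['resources']}")
```

On a system showing the behaviour this article describes, each finding should be read as a grant to every user in the reported tenant account, not only to its root.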

 

 

 
