Copyright © 2010 Caringo, Inc.
All rights reserved
See one of the following sections for more information about tenants:
• Section 4.1, “Terminology Related to Tenant Security”
• Section 4.2, “About the Default Cluster Domain”
• Section 4.3, “Security Privileges for Administrative Operations”
• Section 4.4, “Rules and Recommendations for Managing Tenants”
• Section 4.5, “Domain Naming Rules”
• Section 4.6, “Adding, Editing, or Deleting Tenants”
• Section 4.7, “Other Cluster Administrator Tasks”
4.1. Terminology Related to Tenant Security
Following are basic terms related to DX Storage security:
• Authorization list: List of SCSP operations that users in a security realm are allowed to execute.
The authorization list is specified by the Castor-Authorization header, which is discussed in
detail in the DX Object Storage Application Guide.
An authorization list can be associated with a domain, bucket, or named object.
• User list (also referred to as a security realm or a realm): List of user names and passwords
that are hashed using the algorithm defined for Digest Access Authentication. A user list can be
associated with a domain or bucket.
Domain managers are responsible for managing realms and authorization lists for the domain.
You create domain managers as discussed in this chapter.
DX Storage uses the following roles to determine who can perform different types of actions in the
• Cluster administrator (that is, you): You are responsible for creating tenants and domain
managers, and for the overall maintenance, management, and monitoring of
You maintain the list of cluster administrators using the administrators parameter in the
cluster or node configuration file. For more information, see Section 6.2, “Managing DX Storage
Administrators and Users”.
• Domain manager: Maintains the domain manager user list, and determines which realms can
create buckets in a domain.