Abstract

This disclosure describes techniques for simplified, prefix-based bucket-access management. Buckets are created with prefixes that uniquely identify buckets belonging to the same project or access-control group. For easier access management, the name of the resource provided by the user is prepended with a multi-character prefix followed by a hyphen to obtain the name of the underlying bucket in the object storage backend. Prefix-based access enables different access types to be defined for each namespace. The list of generated prefixes is stored centrally as a resource, thus avoiding data leaks via leaky permissions. From a user and organizational standpoint, prefix-based access control is simple and enables a very large number of access-control groups. For a given project, a user with access to bucket and role-binding creation can create buckets and attach predefined access roles (reader, writer) to other users, giving them access to buckets and their objects.
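The naming and access scheme summarized above can be sketched as follows. This is an added example, not code from the disclosure: `PrefixRegistry`, the prefix length and alphabet, and the actions granted to the reader and writer roles are assumptions made for illustration.

```python
import secrets
import string

PREFIX_LEN = 5                                       # assumption: page says only "multi-character"
ALPHABET = string.ascii_lowercase + string.digits    # assumption: no hyphen, so the split is unambiguous
ROLE_ACTIONS = {                                     # assumption: actions behind the predefined roles
    "reader": {"get", "list"},
    "writer": {"get", "list", "put", "delete"},
}

class PrefixRegistry:
    """Central store of generated prefixes and per-prefix role bindings."""

    def __init__(self):
        self._projects = {}   # prefix -> project / access-control group
        self._bindings = {}   # (prefix, user) -> role

    def allocate(self, project):
        # Generate a prefix that is unique across the whole registry.
        while True:
            prefix = "".join(secrets.choice(ALPHABET) for _ in range(PREFIX_LEN))
            if prefix not in self._projects:
                self._projects[prefix] = project
                return prefix

    def bind(self, prefix, user, role):
        if prefix not in self._projects:
            raise KeyError("unknown prefix")
        if role not in ROLE_ACTIONS:
            raise ValueError("unknown role")
        self._bindings[(prefix, user)] = role

    @staticmethod
    def backend_name(prefix, user_bucket_name):
        # Backend bucket name = prefix + hyphen + user-provided name.
        return f"{prefix}-{user_bucket_name}"

    def is_allowed(self, user, backend_bucket, action):
        # Split on the FIRST hyphen only; user-provided names may contain hyphens.
        prefix, sep, _ = backend_bucket.partition("-")
        # Exact lookup in the registry, never startswith(): a string-prefix
        # match would let "ab12c" also cover buckets of "ab12cx".
        if not sep or prefix not in self._projects:
            return False
        role = self._bindings.get((prefix, user))
        return role is not None and action in ROLE_ACTIONS[role]
```

Because the check resolves the prefix through the central registry and denies by default, a bucket whose name does not carry a registered prefix is inaccessible to everyone.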

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
