Accounts can be assigned "User Content Roles" that allow and restrict which Content/S3 operations an account can call.

An account can be assigned a maximum of 16 user content roles.

Each Role can enable or disable none or up to all actions specific to the nexfs context service.

User Content roles can be configured through the Nexfs management console. First, select "Identity & Access" from the left side menu and then "User Content Roles"

Existing roles will be listed.

A role can be deleted using the "Delete Role" button found under each role, or a role's details can be modified and then saved using the "Save Role" button, again located under each role. Note: The Role ID cannot be modified through the managment console.

The Role Version will automatically be updated as long as it is in the standard dd/mm/yyyy.x format; alternatively, the version can be updated manually.

To create a new role, click on the "Add Role" button displayed under the list of roles.

• A role requires a description / name.

• Optionally roles may be given allowed and denied policy identifiers.

• To select or deselect a action, click on the action, zero or more can be selected. The wildcard "*.*" represents all actions.

• Roles can also be enabled or disabled.

Note: if an action is explicitly denied, it cannot be used even if it is also explicitly allowed in this or any other policy assigned to an account.