Nexfs Identity Management System
Nexfs Managing User Accounts
Accounts are required to access the Nexfs Management API, Management Console and the Content (S3) Server.
Accounts are configured through the Nexfs management console. First, select "Identity & Access" from the left side menu and then "Accounts"
Existing Nexfs accounts will be listed, existing accounts can be viewed and edited by clicking the "edit icon" to the left of an account. Accounts are created by clicking the "Add" button below the list.
To delete an account, first click on "edit" and then "delete"
When creating or editing an account the "Nexfs User Management" window will open.
Accounts include the following fields
User ID: (Required) The account login when authenticating to the management console or API. The user ID is also the Content Server / S3 Access Key ID
Account Enabled: If the account can be used.
Name: (Required) Free text field. Used to identify the account, for example, a user's full name.
Management Secret: (Optional) The password aka "secret" the account uses to authenticate against the manage console or service. If empty, then the account cannot access the service. Note: For security, the existing secret is not shown when editing an account, and is not updated when saving changes unless it is specifically changed.
Content (S3) Secret (Optional): The "secret access key" the account uses to authenticate against the content server (S3 service). If empty, then the account cannot access the service. Note: For security, the existing secret is not shown when editing an account, and is not updated when saving changes unless it is specifically changed.
POSIX UID / GID (Optional): Accounts can be configured with POSIX UIDs and GIDs, when configured the account will assume the POSIX account with the same UID or primary group as the POSIX GID when using the S3 API to access buckets/files etc, in the Nexfs filesystem. When no UID or GID is set, the accounts will assume the default configured UID and GID.
Email: (Optional) Can be used to store a users email address, If an email address is configured on an account, that email address can be matched in S3-style policy statements.
Account Description: (Optional) Free text. It can be used to store additional information about an account. This is not used by Nexfs.
Roles: (Optional) Accounts are assigned "User Content Roles" and "Management Roles" that restrict and allow the operations an account can action. An account can be assigned a maximum of 16 content and 16 management roles. Note: If an action is explicitly denied through any assigned role, then that action account be used by the user even if the action is allowed through another assigned role.
Use the "Create" button to create a new account, or the
"Save" button to save changed to an existing account.
An account can be deleted using the "delete" button.
Use the "Cancel" button to close the user management window without making or saving changes.