mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

Remote tier needs DeleteObjectVersion if remote bucket is versioned (#1089)

If the remote tier bucket is versioned, MinIO requires additional
permissions to successfully transition objects. But it is not
recommended, as each object version becomes a distinct object on the
remote tier.

This is not new; it was omitted from the docs. Mention, but discourage.

Staged:

http://192.241.195.202:9000/staging/DOCS-1016/linux/reference/minio-mc/mc-ilm-tier.html#transition-permissions

Fixes https://github.com/minio/docs/issues/1016

---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>

Author: Andrea Longo
Date: 2024-01-03 16:52:11 -07:00
Committed by GitHub
Parent: a065b7a29f
Commit: c5b43238d6
2 changed files with 12 additions and 4 deletions

@ -24,4 +24,4 @@
"Sid": ""
}
]
}
}

@ -81,7 +81,7 @@ To create tiers for object transition, MinIO requires the following administrati
- :policy-action:`admin:SetTier`
- :policy-action:`admin:ListTier`
For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:.
For example, the following policy provides sufficient permissions for configuring object transition lifecycle management rules on any bucket in the cluster:
.. literalinclude:: /extra/examples/LifecycleManagementAdmin.json
:language: json
@ -93,7 +93,7 @@ Transition Permissions
Object transition lifecycle management rules require additional permissions on the remote storage tier.
Specifically, MinIO requires the remote tier credentials provide read, write, list, and delete permissions.
For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permission for transitioning objects into and out of the remote tier:
For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permissions for transitioning objects into and out of the remote tier:
.. literalinclude:: /extra/examples/LifecycleManagementUser.json
:language: json
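Review bot: the reworded sentence still says the referenced policy "provides the necessary permissions for transitioning objects into and out of the remote tier", which holds only for an unversioned remote bucket, because the admonition added later in this same file requires ``s3:DeleteObjectVersion`` when the remote bucket is versioned. Suggest qualifying the sentence, for example "provides the necessary permissions for an unversioned remote bucket", so a reader who copies the policy for a versioned bucket is not left without a permission MinIO needs to transition objects.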
@ -101,6 +101,14 @@ For example, if the remote storage tier implements AWS IAM policy-based access c
Modify the ``Resource`` for the bucket into which MinIO tiers objects.
.. admonition:: Avoid enabling versioning in the remote tier
:class: important
MinIO strongly recommends against enabling bucket versioning for remote tiers.
If the remote tier bucket is versioned, each source object version is transitioned to a *unique object* in the remote tier.
If your environment requires versioning for the remote tier, you must also allow the ``s3:DeleteObjectVersion`` permission.
Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support MinIO tiering:
- :aws-docs:`Amazon S3 Permissions <service-authorization/latest/reference/list_amazons3.html#amazons3-actions-as-permissions>`
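Review bot: the last sentence of the admonition says "you must also allow the ``s3:DeleteObjectVersion`` permission" without saying where, and the admonition never states why one unique remote object per source version is a problem. Suggest naming the target explicitly (the policy attached to the remote tier credentials, alongside the read, write, list, and delete permissions described earlier in the section) and adding one sentence on the consequence that motivates the recommendation. Since ``s3:DeleteObjectVersion`` permits permanent removal of specific object versions, it is also worth repeating here that the ``Resource`` should be limited to the bucket MinIO tiers into.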
@ -117,4 +125,4 @@ Defer to the documentation for the supported tiering targets for more complete i
/reference/minio-mc/mc-ilm-tier-info
/reference/minio-mc/mc-ilm-tier-ls
/reference/minio-mc/mc-ilm-tier-rm
/reference/minio-mc/mc-ilm-tier-update
/reference/minio-mc/mc-ilm-tier-update