Home > Storage > PowerScale (Isilon) > Product Documentation > Protocols > Dell EMC PowerScale OneFS S3 Overview > OneFS S3 request authorization
OneFS supports the bucket ACL to control whether a user has permission for a bucket. When receiving a S3 request for a bucket operation, OneFS parses the user access ID from request header and evaluates the request according to the target bucket ACL. Figure 7 shows the authentication and authorization-evaluation-for-bucket operation.
To access OneFS S3 objects, the S3 request must be authorized in both the bucket and object level. When receiving an S3 request for an object operation, OneFS parses the username from the request header. If the request is to PUT or DELETE an object, OneFS evaluates the request according to the target bucket ACL. If authorized, OneFS evaluates the request against the OneFS file system ACL. Otherwise, OneFS evaluates the request against OneFS ACL directly. The Object ACL is derived from OneFS file system ACL and for representation only. See section 4.3.2 for more details about object the ACL and OneFS ACL.
Figure 8 shows the authentication and authorization evaluation for the object operation.