ObjectScale manages users through Identity and Access Management (IAM), which enables secure, fine-grained access control to S3 resources. This functionality ensures that each access request to the resource is identified, authenticated, and authorized. With IAM, you can add users, roles, and groups. You can also grant and restrict access by adding policies to the IAM entities.
We recommend the following guidelines for your user accounts:
- Lock away your root access keys and do not use the root user for your tasks. Instead, use your root user credentials only to create your IAM admin user. Then securely lock away the root user credentials and use them to perform only a few account-management and service-management tasks.
- Do not share IAM credentials between users. Preferably, applications should use temporary credentials by using an IAM role for access.
- Change access keys regularly to avoid misuse of compromised credentials.
- Delete IAM user credentials that are no longer required.
- When creating IAM policies, follow the standard security advice of granting least privilege, that is, granting only the permissions that are required to perform a task.
- Do not define permissions for individual IAM users who perform similar job functions. Create groups, define the permissions for each group, and assign IAM users to groups.
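
The guidelines above can be checked mechanically against an export of your IAM users. The following is an added example, not ObjectScale code: the inventory record shape, the finding names, and the 90-day and 60-day thresholds are assumptions, and the policies are assumed to use AWS-style IAM policy JSON.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # assumed rotation interval; the guidelines give none
MAX_IDLE = timedelta(days=60)     # assumed cut-off for "no longer required"

def _as_list(value):
    # Policy fields may hold a single item or a list of items.
    return [value] if isinstance(value, (str, dict)) else list(value)

def wildcard_statements(policy):
    """Return Allow statements that grant every S3 action or every resource."""
    return [s for s in _as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow" and (
                any(a in ("*", "s3:*") for a in _as_list(s.get("Action", [])))
                or "*" in _as_list(s.get("Resource", [])))]

def audit(users, now):
    """Return (user, finding) pairs for records that break the guidelines."""
    findings = []
    for u in users:
        for k in u["keys"]:
            if u["name"] == "root":
                findings.append((u["name"], "root-access-key"))
            if now - k["created"] > MAX_KEY_AGE:
                findings.append((u["name"], "key-rotation-overdue"))
            if k["last_used"] is None or now - k["last_used"] > MAX_IDLE:
                findings.append((u["name"], "key-unused"))
        for p in u["inline_policies"]:
            # Permissions should come from group membership, not the user itself.
            findings.append((u["name"], "policy-on-user-not-group"))
            if wildcard_statements(p):
                findings.append((u["name"], "wildcard-grant"))
    return findings

# Constructed sample inventory (hypothetical users and dates).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def day(y, m, d): return datetime(y, m, d, tzinfo=timezone.utc)
BROAD = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
USERS = [
    {"name": "root", "keys": [{"created": day(2023, 1, 1), "last_used": day(2024, 5, 30)}], "inline_policies": []},
    {"name": "alice", "keys": [{"created": day(2024, 5, 1), "last_used": day(2024, 5, 31)}], "inline_policies": [BROAD]},
    {"name": "bob", "keys": [{"created": day(2024, 4, 15), "last_used": None}], "inline_policies": []},
    {"name": "carol", "keys": [], "inline_policies": []},  # role and group only
]

if __name__ == "__main__":
    for name, finding in audit(USERS, NOW):
        print(f"{name}: {finding}")
```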