Although the File Fabric supports sophisticated permissions for Amazon S3, AWS provides the ability to setup specific profiles using Amazon IAM (Identity and Account Management).
If you have existing users setup using Amazon S3 profiles via IAM, in which they have been set specific permissions to access a bucket, for use with the Enterprise File Fabric you will need to generate a keypair for each user.
To create a new secret access key for an IAM user, open the IAM console. Click Users in the Details pane, click the appropriate IAM user, and then click Create Access Key on the Security Credentials tab.
Once this is done using the File Fabric Admin user account the S3 credentials you can enter an S3 account in which, as Admin, you can choose to share bucket(s), or alternatively (pseudo) folders to users, in which the permissions are managed by SME.
The File Fabric ACL’s are permissive so once you have added an S3 cloud in this way, by default you would just convert or share a folder and thereafter add user permissions.
In this way you can use a single S3 Account to create access to common resources amongst users such as Marketing, Health and Safety, Archive, Project Docs etc.
However If you already have set IAM S3 profiles for users then via the File Fabric you can enable these users to add their own S3 provider that works with their IAM configured permissions.
This is done when logged in as the File Fabric Admin via Organization Options. Within Options there is a governance tab in which there is a section that can be configured to give the user the permission to add a ‘private provider’. As Admin you can choose to limit this to an S3 Account or choose other accounts such as Google Drive, DropBox etc.
When the Admin has configured the private providers option, users on login, can navigate to their dashboard and choose to add S3 to their File Fabric account with the individual IAM keypairs you had previously generated.
If you want to make the whole process even more intuitive, as the File Fabric Admin, you can choose to add a widget to the user home page after login which instructs them how to do this.
This can be configured via the branding option and choosing to configure the custom home message.
On completion you have a system in which users have access to their own configured IAM buckets whilst also having access to corporate configured folders / buckets.
Latest posts by Storage Made Easy (see all)
- How to securely web enable access to CIFS / SMB File Shares - January 12, 2021
- How To Easily Create Private Password Protected Amazon S3 Links And Folders - March 12, 2019