Skip to content

Subuser

A subuser is subordinate to a main user and has access to the same Buckets as the main user.
Subusers have their own Keys. Their permissions can be customized individually to restrict access to buckets as needed.

Creating a Subuser

Once you have created at least one user in your Object Storage project in MyNWS, you can create subusers for that user.

Switch to the Subusers tab and click on Create Subuser. A dialog with configuration options will open.

Configuration Options

Main User

Select the main user for whom the subuser should be created.

Subuser Name

Provide a name for your subuser.
Supported characters are numbers, uppercase and lowercase letters, and hyphens.

Access Permissions

You can restrict the subuser's permissions.
If no other option is selected, the subuser receives the full access permission by default.
This gives it the same rights as the main user.

Additional options:

  • read – read‑only access to the main user's buckets
  • write – write‑only access to the main user's buckets
  • readwrite – read and write access to the main user's buckets (no access to Access‑Control‑Policies, unlike full)
What does Access Control Policy mean?

Access‑Control‑Policies (ACP) define which users or subusers may access certain resources such as buckets or objects and which actions are allowed (e.g., read, write, delete).
Only subusers with the full permission may read and modify these policies.
Subusers with readwrite can read and write objects, but cannot view or change access policies.

Key Type

When creating a subuser, a key is generated automatically.
The Key Type indicates which protocol (S3 or Swift) is used.
You can choose between S3 (compatible with S3 clients) and Swift (compatible with Swift clients).

Tip

If you are unsure which key type you need, start with S3.
The key can be deleted and regenerated at any time.