ECS user scope

ecs-object-user-scopeObject user names can be either unique all federated VDCs or just in the specific namespace. That short post explains how to configure ECS user scope.

The user scope can be either GLOBAL or NAMESPACE.

  • In GLOBAL scope, object user names are unique across all VDCs in the ECS system.
  • In NAMESPACE scope, object user names are unique within a namespace, so the same object user account names can exist in different namespaces.

The default setting is GLOBAL. If you are going to use ECS in a multi-tenant configuration and need to ensure that tenants are not prevented from using object user names those are in use by other tenants (another namespaces), you should change a scope to NAMESPACE.

Important: The user scope setting must be made before the first object user is created ! Later you’ll not be able to do that.

The way how to change a user scope is described below.

  • Authenticate as root.
  • Save auth token to a cookie file
host$ curl -ks -u root:ChangeMe -c cookiefile
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><loggedIn><user>root</user></loggedIn>
  • Check the current object user scope.
  • GLOBAL scope is the default one.
host$ curl -ks  -b cookiefile
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><property_info><properties><entry><key>user_scope</key><value>GLOBAL</value></entry></properties></property_info>
  • Prepare .xml file
  • Enable NAMESPACE scope
host$ echo "<property_update><properties><entry><key>user_scope</key><value>NAMESPACE</value></entry></properties></property_update>" > enable_namespace.xml 
host$ curl -ks -X PUT -H "Content-Type: application/xml"  -b cookiefile -d @enable_namespace.xml
  • Check if NAMESPACE is the current scope
host$ curl -ks  -b cookiefile
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><property_info><properties><entry><key>user_scope</key><value>NAMESPACE</value></entry></properties></property_info>

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s