O'Reilly logo

Ceph Cookbook - Second Edition by Karan Singh, Michael Hackett, Vikhyat Umrao

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Ceph authorization

In the last recipe, we covered the authentication process used by Ceph. In this recipe, we will examine its authorization process. Once a user is authenticated, he is authorized for different types of access, activities, or roles. Ceph uses the term capabilities, which is abbreviated to caps. Capabilities are the rights a user gets that define the level of access they have to operate the cluster. The capability syntax looks as follows:

{daemon-type} 'allow {capability}' [{daemon-type} 'allow {capability}']

A detailed explanation of capability syntax is as follows:

  • Monitor caps: Includes the r, w, x, parameters, and allow profiles {cap}. For example:
        mon 'allow rwx' or mon 'allow profile osd'
  • OSD caps: Includes r,

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required