I am looking at if we can implement some safety measures in the Ceph cluster; for example it would be nice if we had the ability to configure a cephx account for it to be allowed to create entried but edit/delete only those it created in the first place
from the ceph docs [1] it doesn't look like the authorization (capabilities) for a user can be configured to do so; if a cephx user has admin rights it can mess up with any existing user
I will dig more and see what if anything is possible
I am looking at if we can implement some safety measures in the Ceph cluster; for example it would be nice if we had the ability to configure a cephx account for it to be allowed to create entried but edit/delete only those it created in the first place
from the ceph docs [1] it doesn't look like the authorization (capabilities) for a user can be configured to do so; if a cephx user has admin rights it can mess up with any existing user
I will dig more and see what if anything is possible
1. https:/ /docs.ceph. com/en/ latest/ rados/operation s/user- management/ #authorization- capabilities