It would be nice to have sub-bucket permissions on S3 storage (specifically the OSN). This seems impossible given the flat storage model, but I thought I would ask here!
Here is the use case I have in mind:
We have directories that hold “blinded” data that analyzers are trying not to look at during the first part of an analysis. It would be nice if we could apply special permissions to these folders, so for example “admin can rw, group can x” permissions on files whose names contain *blinded*.
So I guess in general I’m wondering if (1) it’s possible to have multiple authentication keys that provide different access levels and (2) if permissions for files within a single bucket can be different and be set by e.g. path matching.
Globus might help you with what you want to do. I have done this with POSIX and Google Drive connectors but not S3 connectors. Check this link (How to Access Your Files on AWS S3 with Globus) from the Globus site. Good luck.
I just started using OSN. Their folks are very helpful, and I did ask about basic permissions.
On OSN, buckets can be either ‘all private’ or ‘all public’. You can request two buckets, one private and one public.
Given that constraint, I guess you could have, say, two private buckets. Each will have its own key. If the person is not a data manager, then they wouldn’t see the Keys in the Storage Portal. Then, as the data manager, you can give them only one of the keys. I think that would work.
Oh, by the way - if this question is specifically about OSN, then maybe we can change the title of your post. In regular S3 you can change ACLs as you like. But for OSN, no.
I think the purpose of OSN is to facilitate Open Science sharing of massive data, so if I were managing OSN, I might say that adding ACL features and other specialty features is not in scope with their mission and that regular S3 would be more appropriate for folks who needed that finer level of control.