Prerequisites to enable S3 Multitenancy
Before you proceed to enabling the feature, you must understand the prerequisites that is required mandatorily.
- To have a secure cluster, you must enable Kerberos Authentication. For more information, see Securing the cluster using Kerberos.
- You must perform a one-time configuration change in Ranger UserSync to add an om user or short username that Ozone Manager is using for Kerberos authentication to the ranger.usersync.whitelist.users.role.assignment.rules configuration.
- You must have a minimum of one S3 Gateway setup in order to access the tenant buckets with S3 API. For more information, see Using Ozone S3 gateway.
- You can create additional Ozone policies using Ranger, For more information, see Configure a resource-based policy.