Prerequisites to enable S3 Multitenancy

Before you proceed to enabling the feature, you must understand the prerequisites that is required mandatorily.

To have a secure cluster, you must enable Kerberos Authentication. For more information, see Securing the cluster using Kerberos.
You must perform a one-time configuration change in Ranger UserSync to add an om user or short username that Ozone Manager is using for Kerberos authentication to the ranger.usersync.whitelist.users.role.assignment.rules configuration.
note
This would no longer be necessary once Ranger allows service admin users to create, update, and delete Ranger roles.
You must have a minimum of one S3 Gateway setup in order to access the tenant buckets with S3 API. For more information, see Using Ozone S3 gateway.
You can create additional Ozone policies using Ranger, For more information, see Configure a resource-based policy.