Prerequisites to enable S3 Multitenancy

Before you proceed to enabling the feature, you must understand the prerequisites that is required mandatorily.

  • To have a secure cluster, you must enable Kerberos Authentication. For more information, see Securing the cluster using Kerberos.
  • You must perform a one-time configuration change in Ranger UserSync to add an om user or short username that Ozone Manager is using for Kerberos authentication to the ranger.usersync.whitelist.users.role.assignment.rules configuration.
  • You must have a minimum of one S3 Gateway setup in order to access the tenant buckets with S3 API. For more information, see Using Ozone S3 gateway.
  • You can create additional Ozone policies using Ranger, For more information, see Configure a resource-based policy.