document RBAC preference in S3 access #10707
Comments
donsizemore
added a commit
to uncch-rdmc/dataverse
that referenced
this issue
Dec 19, 2024
donsizemore
added a commit
to uncch-rdmc/dataverse
that referenced
this issue
Dec 20, 2024
donsizemore
added a commit
to uncch-rdmc/dataverse
that referenced
this issue
Dec 20, 2024
donsizemore
added a commit
to uncch-rdmc/dataverse
that referenced
this issue
Dec 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
v5.14 introduced RBAC access, which introduced unanticipated S3 credential preference, which @qqmyers addressed here: https://github.com/IQSS/dataverse/blob/develop/src/main/java/edu/harvard/iq/dataverse/dataaccess/S3AccessIO.java#L1197
If I understand correctly, if a role is assigned to an EC2 instance powering Dataverse but doesn't contain a policy granting access to an S3 bucket, RBAC is still preferred over some other methods and Dataverse will receive 403 Forbidden responses from S3 despite the local configuration appearing to be correct in domain.xml.
Jim proposed a feature flag to cause Dataverse to ignore RBAC for S3 access, which may aid administrators who want or need to configure S3 access outside of RBAC.
The text was updated successfully, but these errors were encountered: