Ceph - Unable to set a per user or group ACL in Ceph / RadosGW when using Keystone

Solution Verified - Updated -


  • When setting a Ceph Container Storage ACL and using the OpenStack ACL rules syntax, we found that ACLs involving groups or users are not accepted nor effective.

  • The only accepted ACLs are the default *:* and .r:*. Everything else fails.


  • Red Hat Ceph Storage 2
  • Red Hat Ceph Storage 3
  • Keystone-backed authentication framework

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In