Regardless of the security model you choose, Shared or Integrated, users must be added to Yarkon using the Admin Console. This is how you will grant end-users access to the S3 bucket through the Yarkon Web Client.
User management is done from the Users page in the console. Get to it by clicking on the Users option on the left sidebar.
The image shows the users form immediately after setup, following the procedure described in Setting Up Yarkon Using an AMI.
There is only one user defined, the admin user that was created when the application was set up.
To illustrate the process from start to finish, we will add the user Fiona to the system. If you are using the Integrated Security Model, Fiona is the user we added to the Finance group when we built our demo organization in Setting Up an Organization in AWS. If you are using the Shared Security Model, there is no need to add the users to AWS IAM.
Click the “Add” button above the list, and in the Add User form displayed, enter the required details. Note that if you choose to use the Integrated Security Model, you must enter the AWS name for this user in the AWS Name field. If you do not, this user will have no access to S3 using the Yarkon Web Client.
Note: The user role can be either “User” or “Administrator”. An “Administrator” is a user who can use the Yarkon Admin Console, as you are doing now. This role does not grant the user any administration rights in the AWS account; it pertains only to the Yarkon Admin Console.
Click the “Add” button to complete.
Verify that the user was added to the users list.
Note: You can always verify that the user has access to S3, and which access permissions the user actually has, from the Users screen: click the action button next to the user name, then choose the View Buckets menu option. It shows a form listing all buckets this user can access, based on the permissions defined in AWS S3.
When the user is added, a welcome email is sent to the email address specified for this user, with the URL and credentials for logging in to the system, using the Yarkon web client application.
For simplicity and uniqueness across the organization, the username assigned to the user is their email.
Note: For this feature to work, an email server must be available to the Yarkon Admin Console application. If you are using Yarkon Cloud, this is taken care of for you. If you are using Yarkon Server, the setup of the mail server was handled when the application was originally installed, but it can be changed at any time using the “Administration” screen.
Clicking the button in the email will open the Yarkon web client in your web browser.
When the user accesses the Yarkon web client application for the first time, she is prompted with a Set Password dialog, giving her the opportunity to choose her password, instead of the automatically generated temporary password.
Once the password has been successfully updated from the temporary one to the user’s choice, the main application window will open. The user will only see the buckets that she is allowed to view, based on the permissions granted to her.
In the case of this guide, the buckets user Fiona can access are the following:
No other bucket in the S3 account should be available for this user. The client view will therefore look like this: