This document details some of the considerations of concern to a DuraCloud administrator.
Naming restrictions
- Space names
- The following restrictions apply to user-defined space names
- only lowercase letters, numbers, periods, and dashes
- no adjacent pair of "-" and/or "."
- no number immediately following the last "."
- between 3 and 42 characters
- must start with a letter
- may not end with a dash
- Note: Users can provide space names through the REST-API that do not follow these conventions, but the space actually created will have a different name under the covers.
- The following restrictions apply to user-defined space names
- Reserved space names
- Due to some specific operations exposed through the durastore REST-API, the following names are unavailable as user-defined space names
- init
- stores
- spaces
- security
- task
- Due to some specific operations exposed through the durastore REST-API, the following names are unavailable as user-defined space names
- Content object names
- The only restrictions are that a content object name
- cannot include a question mark '?' character
- cannot include a reverse solidus (backslash) '\' character
- is limited to 1024 bytes (byte count is checked after URL and UTF-8 encoding)
- The only restrictions are that a content object name
Access Control Lists (ACLs)
Access control in DuraCloud is set at the space level. Users and groups can be provided read and write access to a space.
- Users and Groups
- Access is granted to users, groups, or combinations thereof
- Users are those with credentials to access an account
- Groups are collections of users that are created in the Management Console
- Rights
- When assigning a space ACL, users and/or groupsv are granted one of two rights
- READ allows reading any content within that space
- WRITE allows reading, adding, and modifying any content within that space
- When assigning a space ACL, users and/or groupsv are granted one of two rights
- Public (anonymous) Access
- There is a special group named 'public' that can only be granted READ access to a space
- If the 'public' group has READ access, then unauthenticated (anonymous) reads of content are permitted on that space
- Use
- REST API can be used to programmatically create, update, and delete space ACLs
- DurAdmin provides authorized users to update space ACLs in the web interface
- REST API can be used to programmatically create, update, and delete space ACLs