The following section describes roles and authentication policies when creating tenant domains from the Netmail Store Admin Console.
Each tenanted domain contains an
_administrators bucket. This bucket contains a list of users selected by the administrator called domain managers. These users can modify the domain stream and adjust the domain protection settings to grant new users
POST privileges to each bucket in the domain.
Domain managers listed in the
_administrators bucket can modify the domain object, which lets them manage domain users:
- Add new users to the domain
- Manage user lists for the domain
The administrator can add new domain managers to the list as needed to support the number of users who access the domain in a multitenant environment.
Note: If creating objects (including buckets) is restricted to domain users through the domain protection settings, by default users in the
_administrators bucket can only modify the domain.
Tenant User List
The domain stream (for example, MYDOMAIN) contains a user list that is empty when you initially create the domain. This list defines the users who are given
POST privileges in the domain.
The user names and passwords in the list are hashed using the algorithm defined for Digest Access Authentication by the Internet Engineering Task Force (IETF). This method allows Netmail Store to provide secure HTTP authentication without sending password information in clear text through an unsecure network.
Contact your Support representative for information on creating user lists in your Netmail Store storage cluster.