S3 API Compatibility and Permissions
This document lists all S3 API operations, their support status and required permissions.
Permission Structure
Storadera uses the simplified S3 permission structure.
Each account can create one or more Roles.
Each Role can have a different set of permissions.
Each Role has up to two S3 keys.
There are 2 levels of permissions for Role:
– Role level permissions
– Bucket level permissions
In some cases, the operation requires both levels of permissions.
Role Level Permissions
| Permission | Description |
| Admin buckets | Can modify bucket settings (versioning, object lock, etc.). Applies only to buckets with Write access |
| Create buckets | Allows creating new buckets. Requires Bucket access: All |
| Delete buckets | Allows deleting buckets. Requires Delete permission for that bucket |
Bucket Level Permissions
| Bucket access | Description | New buckets |
| All | All buckets are accessible | Automatically accessible |
| Custom | Select custom permissions for every bucket | Not accessible |
When Bucket access is Custom, each bucket can have one of these modes:
| Mode | Description |
| None | No access to the bucket |
| Full | Full access (List + Read + Write + Delete) |
| Limited | Select specific permissions from: List, Read, Write, Delete |
Individual permissions (for Limited mode):
| Permission | Description |
| List | List objects in bucket |
| Read | Read objects and bucket info |
| Write | Write/modify objects |
| Delete | Delete objects |
Bucket Permission Check Logic
For operations requiring bucket level permissions:
– If Bucket access is All → Full access granted to all buckets
– If Bucket access is Custom → checks per-bucket permission mode and settings
Supported Operations
Bucket Operations
| Operation | Permissions Required |
| CreateBucket | Create buckets |
| DeleteBucket | Delete buckets (role level) + Delete |
| GetBucketAcl | Read |
| GetBucketLocation | Read |
| GetBucketVersioning | Read |
| GetObjectLockConfiguration | Read |
| HeadBucket | Read |
| ListBuckets | Bucket access: All → all buckets, otherwise only buckets with permissions |
| PutBucketVersioning | Admin buckets (role level) + Write |
| PutObjectLockConfiguration | Admin buckets (role level) + Write |
Object Operations
| Operation | Permissions Required |
| CopyObject | Read (source bucket) + Write (target bucket) |
| DeleteObject | Delete |
| DeleteObjects | Delete |
| GetObject | Read |
| GetObjectRetention | Read |
| HeadObject | Read |
| ListObjects | List |
| ListObjectsV2 | List |
| ListObjectVersions | Read |
| PutObject | Write |
| PutObjectRetention | Write |
Multipart Upload Operations
| Operation | Permissions Required |
| AbortMultipartUpload | Delete |
| CompleteMultipartUpload | Write |
| CreateMultipartUpload | Write |
| ListMultipartUploads | List |
| ListParts | Read |
| UploadPart | Write |
| UploadPartCopy | Read (source bucket) + Write (target bucket) |
Unsupported Operations
Unsupported Bucket Operations
| Operation |
| DeleteBucketAnalyticsConfiguration |
| DeleteBucketCors |
| DeleteBucketEncryption |
| DeleteBucketIntelligentTieringConfiguration |
| DeleteBucketInventoryConfiguration |
| DeleteBucketLifecycle |
| DeleteBucketMetricsConfiguration |
| DeleteBucketOwnershipControls |
| DeleteBucketPolicy |
| DeleteBucketReplication |
| DeleteBucketTagging |
| DeleteBucketWebsite |
| DeletePublicAccessBlock |
| GetBucketAccelerateConfiguration |
| GetBucketAnalyticsConfiguration |
| GetBucketCors |
| GetBucketEncryption |
| GetBucketIntelligentTieringConfiguration |
| GetBucketInventoryConfiguration |
| GetBucketLifecycleConfiguration |
| GetBucketLogging |
| GetBucketMetricsConfiguration |
| GetBucketNotificationConfiguration |
| GetBucketOwnershipControls |
| GetBucketPolicy |
| GetBucketPolicyStatus |
| GetBucketReplication |
| GetBucketRequestPayment |
| GetBucketTagging |
| GetBucketWebsite |
| GetPublicAccessBlock |
| ListBucketAnalyticsConfigurations |
| ListBucketIntelligentTieringConfigurations |
| ListBucketInventoryConfigurations |
| ListBucketMetricsConfigurations |
| PutBucketAccelerateConfiguration |
| PutBucketAcl |
| PutBucketAnalyticsConfiguration |
| PutBucketCors |
| PutBucketEncryption |
| PutBucketIntelligentTieringConfiguration |
| PutBucketInventoryConfiguration |
| PutBucketLifecycleConfiguration |
| PutBucketLogging |
| PutBucketMetricsConfiguration |
| PutBucketNotificationConfiguration |
| PutBucketOwnershipControls |
| PutBucketPolicy |
| PutBucketReplication |
| PutBucketRequestPayment |
| PutBucketTagging |
| PutBucketWebsite |
| PutPublicAccessBlock |
Unsupported Object Operations
| Operation |
| DeleteObjectTagging |
| GetObjectAcl |
| GetObjectAttributes |
| GetObjectLegalHold |
| GetObjectTagging |
| GetObjectTorrent |
| PutObjectAcl |
| PutObjectLegalHold |
| PutObjectTagging |
| RestoreObject |
| SelectObjectContent |
| WriteGetObjectResponse |