Permissions - Wasabi

Permissions - Wasabi

This article contains minimal permissions for the Wasabi bucket required to use the bucket as backup storage in the Xopero ONE service. The policies provided below allow you to add your own Wasabi storage to the Xopero ONE platform, store the backup data there and restore it if needed.

Wasabi bucket policy

Access keys are generated per Wasabi account user. You can check the list of access keys after logging in to your account in the Access Keys tab.


Wasabi account user list


In order to create a new user account or edit the rights of an existing one, go to the Users tab. Select WasabiReadOnlyAccess and WasabiWriteOnlyAccess on the form for adding a new account or editing, in the Policies section.
Adding user permissions

Support for Immutable Storage

If you want to use the Immutable storage, the following permissions are required:
s3:GetBucketObjectLockConfiguration - required to read Object Lock configuration.
s3:GetBucketVersioning - required to read the versioning configuration.

Remember, that the Immutable Storage configuration is available only when creating the new bucket - there is no option to enable Immutable Storage in an already existing bucket!
Retention and/or versioning enabled for the bucket may result in the storage of additional data. It is recommended that the retention in Xopero ONE be longer than the one set for storage. Otherwise, it may lead to storage being overloaded!


It must be added to the Action section, and after the changes, the section must look like the below:

"Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject",
		    "s3:GetBucketVersioning",
	            "s3:GetBucketObjectLockConfiguration"
               ],


More details about how to create or edit a bucket policy available on Amazon documentation:




    • Related Articles

    • Setting up - Wasabi

      Xopero ONE provides support for multiple cloud storage providers including the Wasabi platform. This article describes the process of setting up a Wasabi bucket as storage in Xopero ONE. Adding the storage In order to add new storage to Xopero ONE ...
    • Roles and permissions

      This article contains information about the additional user's roles and permissions. Roles and permissions Xopero ONE gives you the possibility to choose between 4 different roles: System administrator - the most powerful and privileged account with ...
    • Required permissions for GitLab

      Account The permissions the app needs to log into your account: Access the authenticated user's API Xopero ONE need read/write access to the API, including all groups and projects, the container registry, and the package registry. Token/password The ...
    • Permissions - AWS S3

      This article contains minimal permissions for the Amazon AWS S3 bucket required to use the bucket as backup storage in the Xopero ONE service. The policies provided below allow you to add your own AWS S3 storage to the Xopero ONE platform, store the ...
    • Permissions - Google Cloud Storage

      IAM roles and permission To use Google Cloud Storage as backup storage in the Xopero ONE service it's recommended that the GCS user has the Identity and Access Management (IAM) role of Storage Admin (roles/storage.admin - grants full control of ...