Nutanix Objects, part of Nutanix Unified Storage (NUS), provides S3-compatible object storage. After installing Objects and creating a bucket, the administrator accesses the bucket via its reference URL (e.g., the S3 endpoint) using an Active Directory (AD) account but cannot write data. This indicates a permissions or configuration issue related to the AD account’s access to the bucket.
Analysis of Options:
Option A (Replace SSL Certificates at the Objects store level): Incorrect. SSL certificates are used for secure communication with the Objects store (e.g., HTTPS access via the reference URL). While an invalid or untrusted certificate might cause connection issues, the administrator can access the bucket (as they are attempting to write), so the issue is not with SSL certificates—it’s with write permissions for the AD account.
Option B (Verify Access Keys for the user): Incorrect. Access Keys (e.g., AWS-style access key and secret key) are used for programmatic access to Nutanix Objects via S3 APIs. However, the question specifies that the administrator is using an AD account, which suggests authentication via AD integration (e.g., SSO or LDAP). In this case, Access Keys are not relevant—permissions are managed through AD user accounts and bucket policies, not S3 Access Keys.
Option C (Verify sharing policies at the bucket level): Correct. Nutanix Objects supports AD integration for user authentication, allowing AD accounts to access buckets. However, bucket access (e.g., read, write) is controlled by sharing policies (or bucket policies) defined at the bucket level. If the AD account cannot write data, the sharing policy likely does not grant write permissions to the user or their AD group. The administrator should verify and update the bucket’s sharing policies in Prism Central to ensure the AD account has write access.
Option D (Reset the Active Directory user password): Incorrect. Resetting the AD user password might resolve authentication issues (e.g., if the password was incorrect), but the question implies the administrator can authenticate and access the bucket (since they are attempting to write). The issue is with write permissions, not authentication, so resetting the password will not resolve the problem.
Why Option C?
When using an AD account to access a Nutanix Objects bucket, permissions are managed through bucket-level sharing policies. The inability to write data indicates that the AD account (or its associated group) lacks write permissions in the bucket’s policy. Verifying and updating the sharing policies in Prism Central to grant write access to the AD account resolves the issue, ensuring the user can write data to the bucket.
Exact Extract from Nutanix Documentation:
From the Nutanix Objects Administration Guide (available on the Nutanix Portal):
“Nutanix Objects supports Active Directory integration for user authentication. Bucket access for AD accounts is controlled by sharing policies at the bucket level. If an AD user cannot write data to a bucket, verify the sharing policies in Prism Central to ensure the user or their AD group has write permissions.”
References: Nutanix Objects Administration Guide, Version 4.0, Section: “Managing Bucket Access with AD Accounts” (Nutanix Portal); Nutanix Certified Professional - Unified Storage (NCP-US) Study Guide, Section: “Nutanix Objects AD Integration”.