# Manage Object Users **Object users** are users created to perform operations on cegedim.cloud Object Storage service using the **S3 API**. An **Object user** is represented by: * an **access\_key** * a **secret\_key** {% hint style="info" %} When you create an **Object Store**, an **Object user** is automatically created with the label "***Initial S3 user***" {% endhint %} ## Create an Object user In the detailed page on your **Object Store**, click on the "**Add User**" button

Enter a "**Label**" to easily identify this new **Object user**, then click on the **Submit** button:

Once **Object User** created, a pop-up appears, displaying the **`access_key`** and the **`secret_key`**. You can close this pop-up once you have save your credentials.

The newly created **Object user** is displayed in the **User** tab:

## Manage an Object user ### Change the label You can change the label of an **Object User**, using the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_15-49-40.png?version=1\&modificationDate=1668091781015\&api=v2) button

### Lock or Unlock You can lock or unlock an **Object Use**r using the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_15-51-39.png?version=1\&modificationDate=1668091899383\&api=v2) button:

An **Object User** locked have a closed green pad lock ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_15-59-11.png?version=1\&modificationDate=1668092352015\&api=v2) on the left of the label and can't perform any operation using the **S3 API**.

### Renew a secret key You can at any time change the secret key of an **Object User** by clicking on the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_16-0-52.png?version=1\&modificationDate=1668092452569\&api=v2) button. {% hint style="danger" %} If you change the secret of an **Object User**, all applications or clients using it will get a **`401 Unauthorized Error`**. {% endhint %} {% hint style="warning" %} The change of a secret key can take few minutes to propagate over all cegedim.cloud Object Storage Service. {% endhint %}

You have the possibility the specify a "**grace period**", in seconds, during which, both old and new secret keys are valid and accepted by cegedim.cloud Object Storage Service. At the end of the grace period, the old secret key is invalidate. Once the action submitted, a popup appears displaying **the new secret key**:

You can close this pop-up once you have save your credentials. ## Delete an Object user You can delete an **Object User** by clicking on the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_16-10-31.png?version=1\&modificationDate=1668093031811\&api=v2) button. {% hint style="danger" %} This action cannot be undone. {% endhint %}

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://academy.cegedim.cloud/storage/object-storage/object-storage-get-started/manage-object-users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.