# Manage Object Users

**Object users** are users created to perform operations on cegedim.cloud Object Storage service using the **S3 API**.

An **Object user** is represented by:

* an **access\_key**
* a **secret\_key**

{% hint style="info" %}
When you create an **Object Store**, an **Object user** is automatically created with the label "***Initial S3 user***"
{% endhint %}

## Create an Object user

In the detailed page on your **Object Store**, click on the "**Add User**" button

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-7ed532a4fed623a8be94ffc68b62dcad8350cc58%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Enter a "**Label**" to easily identify this new **Object user**, then click on the **Submit** button:

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-c0f5d32cfdc79e654dded5900f378a530e315cd4%2Fimage%20(22).png?alt=media" alt=""><figcaption></figcaption></figure>

Once **Object User** created, a pop-up appears, displaying the **`access_key`** and the **`secret_key`**. You can close this pop-up once you have save your credentials.

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-1a0cc734ed0be56132beae7757fca4267b835b1e%2Fimage%20(23).png?alt=media" alt=""><figcaption></figcaption></figure>

The newly created **Object user** is displayed in the **User** tab:

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-23a9a68b40c83eefa7fec4bd6a9c9b8b40cffaf7%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

## Manage an Object user

### Change the label <a href="#objectusersmanagement-changethelabel" id="objectusersmanagement-changethelabel"></a>

You can change the label of an **Object User**, using the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_15-49-40.png?version=1\&modificationDate=1668091781015\&api=v2) button

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-7c3a123d23725bd28a5587332f96a500838ae8cc%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

### Lock or Unlock <a href="#objectusersmanagement-lockorunlock" id="objectusersmanagement-lockorunlock"></a>

You can lock or unlock an **Object Use**r using the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_15-51-39.png?version=1\&modificationDate=1668091899383\&api=v2) button:

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-e7f330f6aff8aad1df2fe1dde64fd7f0aa227802%2Fimage%20(26).png?alt=media" alt=""><figcaption></figcaption></figure>

An **Object User** locked have a closed green pad lock ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_15-59-11.png?version=1\&modificationDate=1668092352015\&api=v2) on the left of the label and can't perform any operation using the **S3 API**.

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-bdcd47a10f5a99d657580bf0e43b1282b339c021%2Fimage%20(27).png?alt=media" alt=""><figcaption></figcaption></figure>

### Renew a secret key

You can at any time change the secret key of an **Object User** by clicking on the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_16-0-52.png?version=1\&modificationDate=1668092452569\&api=v2) button.

{% hint style="danger" %}
If you change the secret of an **Object User**, all applications or clients using it will get a **`401 Unauthorized Error`**.
{% endhint %}

{% hint style="warning" %}
The change of a secret key can take few minutes to propagate over all cegedim.cloud Object Storage Service.
{% endhint %}

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-ff89b11360bc214dd7a665c0346c6759d198d0da%2Fimage%20(28).png?alt=media" alt=""><figcaption></figcaption></figure>

You have the possibility the specify a "**grace period**", in seconds, during which, both old and new secret keys are valid and accepted by cegedim.cloud Object Storage Service.

At the end of the grace period, the old secret key is invalidate.

Once the action submitted, a popup appears displaying **the new secret key**:

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-ebb611fade3ddecb680321a1049166bf5b6ae605%2Fimage%20(29).png?alt=media" alt=""><figcaption></figcaption></figure>

You can close this pop-up once you have save your credentials.

## Delete an Object user

You can delete an **Object User** by clicking on the ![](https://docs.cegedim.cloud/download/thumbnails/102140875/image2022-11-10_16-10-31.png?version=1\&modificationDate=1668093031811\&api=v2) button.

{% hint style="danger" %}
This action cannot be undone.
{% endhint %}

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-3087515fcfbfbacd8f6bb0cdab0c49a7e87ca517%2Fimage%20(30).png?alt=media" alt=""><figcaption></figcaption></figure>