Skip to content

Fs Space

A space is a logical container for folders, files and objects, serving as a unit of horizontal scalability and a mechanism for isolating a group of resources. It can be thought of as a collection of these resources.

To create a space, you must specify a cloud provider and an accountId. The supported cloud providers are “aws” and “azure.” All resources within the space are organized and managed under the chosen provider. The accountId should be from the CDH system, though currently, no validation is performed against it. Space will be available only in the region in which they were created. Resources created in one region are not accessible from any other region.

Upon creation of a space, a root folder is automatically generated, which can be used to store and organize additional folders, files and objects within the space.

Spaces can have access control lists (ACLs) that define who can access the space and what operations they can perform. A space is always owned by its creator, who automatically receives the SpaceManager role’s permissions and can control the ACLs for the entire space.

Learn more about ACLs.

Storage Modes

Spaces support different storage modes to control operations on resources

  • active: This mode permits all operations. This is the default mode.
  • read-only: In this restricted mode:
    • Space operations: Update, Delete, and Restore are permitted.
    • Folder operations: Only Export/Get is allowed. Create, Update, Rename, Move, Copy, Delete, and Restore are restricted.
    • File operations: Only Get operations are permitted. Upload, Update, Copy, Move, Rename, Lock/Unlock, Checkin/Checkout, Delete, Restore, and Link Support Files are restricted.

Users with spaceManager permission can update the storage mode using the update space endpoint.

Space Membership Boundary

Space membership boundary is a space-level setting that allows space managers to restrict sharing abilities such that only a select group of users is permitted to access content in the space. This feature provides the flexibility to:

  • Limit access to space content to members of a specified IAM group.
  • Share limited content with selected users outside of the boundary.
  • Enable or disable the boundary at any time.

When a space membership boundary is declared, the following fields must be included:

  • Group: A group with the specified IAM group ID must be included. This defines the core membership for the space.

  • allowLimitedViewerOutsideBoundaryGroup (Optional): This field determines whether limited viewer access can be granted to users outside the specified IAM group.

A space membership boundary can be configured in three ways:

  • No Membership Boundary (Default):
By default, there is no membership boundary. Any user can access the content based on standard ACL permissions.
  • Space Members Only:
To restrict access, set the group field. The allowLimitedViewerOutsideBoundaryGroup field can be omitted or set to `false`. This prevents users outside the specified IAM group from having limited viewer access.
  • Space Members with Limited Viewers:
This configuration allows members of the specified IAM group to have full access based on their roles, while also granting limited viewer access to selected users outside the group.This is achieved by setting the group field and ensuring the allowLimitedViewerOutsideBoundaryGroup field is set to `true`.

Space membership boundary is disabled by default, and can be set during space creation or updated later through the update space operation.

Note: Versioning does not apply to the space itself.