NetApp StorageGRID controls access to S3 resources using policies that are formatted in JSON. These policies can be applied at two distinct levels. Bucket policies are attached directly to S3 buckets to specify which principals (users or groups) are allowed or denied permission to perform actions on the bucket and its objects. Group policies are attached to StorageGRID tenant groups, granting permissions to all users who are members of that group. These two policy types are the primary mechanisms for managing S3 access control within a StorageGRID tenant.

A. ILM: Information Lifecycle Management (ILM) policies govern data durability, placement, and retention, not user or group access permissions.

C. export: Export policies are a mechanism used to control client access to NFS shares, which is not a native protocol or access method for StorageGRID.

E. service: "Service policy" is not a defined access control policy type within StorageGRID for managing S3 bucket and object permissions.

1. NetApp StorageGRID 11.8 Documentation, "Manage S3 access with group and bucket policies".

Section: "Use a tenant account" -> "Manage S3 access with group and bucket policies"

Content: This section explicitly states, "You can control access to S3 buckets and objects by creating group policies and bucket policies. These access policies allow or deny principals (users, groups, or accounts) permission to perform actions on resources (buckets and objects)."

2. NetApp StorageGRID 11.8 Documentation, "Create a group policy".

Section: "Use a tenant account" -> "Manage group access permissions" -> "Create a group policy"

Content: This page details the procedure for creating a JSON-formatted policy and attaching it to a group to grant permissions to all users in that group.

3. NetApp StorageGRID 11.8 Documentation, "Add S3 bucket policy".

Section: "Use a tenant account" -> "Manage buckets" -> "Add S3 bucket policy"

Content: This page describes how to apply a resource-based policy directly to a bucket to define access permissions for that specific resource.