A Portworx volume is considered "Public" when the guestaccess parameter is enabled for it. This setting allows any authenticated user within the Portworx security domain to access the volume with a specified level of permission (read, write, or admin), even if they are not the owner or explicitly listed as a collaborator. This mechanism is the designated method for sharing a volume broadly across users in the cluster, effectively making it a public resource.

A. A volume owned by system.admin is simply under the control of that specific administrative role. Ownership does not inherently grant access to all other users.

C. When Portworx security is enabled, every volume is created with an associated owner. A volume without ownership is not the defined mechanism for making it public.

1. Portworx Enterprise Documentation

"Security -> Portworx with Kubernetes -> Volume-based access control -> Ownership and access": In the section "Make a volume public

" the documentation explicitly states: "You can make a volume public by granting access to guests. When you set guestaccess to read

write

or admin

any authenticated user can access the volume with the specified access level." This directly confirms that guest access defines a public volume.

2. Portworx Enterprise Documentation

"Security -> Portworx with Kubernetes -> Volume-based access control -> Ownership and access": The "Ownership" section clarifies: "When you create a volume

you become its owner." This refutes the idea that a volume can be public by having no owner.