From: Seena Fallah <seenafallah@gmail.com>
Date: Mon, 24 Feb 2025 15:47:50 +0000 (+0100)
Subject: doc: add release note for new policy actions on replication
X-Git-Tag: v20.1.0~329^2~7
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6f11632ab191d421a0fe201cdeb5d41e580bca2b;p=ceph.git

doc: add release note for new policy actions on replication

Fixes: https://tracker.ceph.com/issues/70093
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 8c15d4674f567c7b35d5aac0a9ac4e62306f7b13)
---

diff --git a/PendingReleaseNotes b/PendingReleaseNotes
index 404d2d7f8cdec..6b18efc70f174 100644
--- a/PendingReleaseNotes
+++ b/PendingReleaseNotes
@@ -138,6 +138,13 @@
   allowed.  `rbd trash mv` command now behaves the same way as `rbd rm` in this
   scenario.
 
+* RGW: Replication policies now validate permissions using `s3:ReplicateObject`,
+  `s3:ReplicateDelete`, and `s3:ReplicateTags` for destination buckets. For source
+  buckets, both `s3:GetObjectVersionForReplication` and `s3:GetObject(Version)`
+  are supported. Actions like `s3:GetObjectAcl`, `s3:GetObjectLegalHold`, and
+  `s3:GetObjectRetention` are also considered when fetching the source object.
+  Replication of tags is controlled by the `s3:GetObject(Version)Tagging` permission.
+
 >=19.2.1
 
 * CephFS: Command `fs subvolume create` now allows tagging subvolumes through option