12. Who can access my data stored on CloudVeneto?

12.1. Who can read the data stored on my virtual machine?

When you create a VM (and therefore become the owner of that VM) using a CloudVeneto Public image, by default you are the only one who can access this VM. The only exceptions to this rule are:

  • the <OperatingSystem>-INFNPadova-x86-64-<date> images, as explained below.
  • the k8s-node image, which grants access to the CloudVeneto administrators for debugging purposes

Private, shared and community images may instead grant access to other users by default: it is then up to you to check whether these images are appropriate for your privacy requirements.

As owner of a VM you can then grant access to this VM to other people, as explained in Creating accounts on your Virtual Machine. It is therefore your responsibility to decide:

  • who can access your VM
  • which (and how) data can be accessed by the users who have access to the virtual machine
  • if and how (e.g. via NFS) data stored on the VM can be accessed by users of other virtual machines

This applies both to data stored on the ephemeral storage of the VM and to data stored on volume(s) attached to the virtual machine.

12.2. Who can read the data stored on a volume?
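One way to review the three points above on a running Linux VM (for instance one started from a private, shared or community image), given as an added example that is not part of the CloudVeneto documentation. It assumes the standard formats of /etc/passwd, ~/.ssh/authorized_keys and /etc/exports; the sample file contents are constructed.

```python
import re

NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}
KEY_RE = re.compile(r"(?:^|\s)(ssh-[a-z0-9]+|ecdsa-sha2-\S+|sk-\S+@openssh\.com)\s+(\S+)(?:\s+(.*))?$")

def login_accounts(passwd_text):
    """Map user -> home for passwd entries whose shell permits login (empty shell = /bin/sh)."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN:
            accounts[fields[0]] = fields[5]
    return accounts

def authorized_keys(text):
    """Return (key_type, comment) per key line, skipping any leading options field."""
    keys = []
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else KEY_RE.search(line.strip())
        if m:
            keys.append((m.group(1), (m.group(3) or "").strip()))
    return keys

def nfs_exports(exports_text):
    """Return (path, client, options) per client; a bare "(opts)" means any host."""
    found = []
    for line in exports_text.splitlines():
        path, *clients = line.split("#", 1)[0].split() or [""]
        for client in clients:
            m = re.match(r"([^()]*)(?:\((.*)\))?$", client)
            if m:
                found.append((path, m.group(1) or "*", m.group(2) or ""))
    return found

# Constructed sample files (not taken from any CloudVeneto image).
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
svcadmin:x:1001:1001::/home/svcadmin:/bin/sh
"""
KEYS = """# provisioned at boot
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY alice@laptop
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLE site-admin
"""
EXPORTS = """/data 192.0.2.0/24(rw,sync) *(ro)
/scratch (rw,no_root_squash)  # no host before the options: exported to everyone
"""
if __name__ == "__main__":
    print(login_accounts(PASSWD), authorized_keys(KEYS), nfs_exports(EXPORTS), sep="\n")
```

On a real VM, pass the contents of /etc/passwd, of each login account's ~/.ssh/authorized_keys and of /etc/exports to these functions instead of the sample strings.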

As explained in Using (attaching) a Volume:

  • only the owner of a volume can attach the volume to a VM
  • a volume can also be attached to a VM belonging to a user other than the owner of the volume

Once a volume is attached to a VM, see section 12.1 above for who can access the data stored on this volume.

12.3. Who can read the data stored on an object storage bucket?

As explained in Object Storage, if you create a bucket and upload some files to this container, the other members of the project can also see (and also delete) these files.

If this is not suitable for your use cases, it is possible to have a personal object storage bucket.

12.4. Can the CloudVeneto administrators read my data?

CloudVeneto administrators have advanced permissions that technically allow them to access user content and activity records.

Such permissions are however used only for the administration and operations of the Cloud infrastructure, and for debugging purposes.

12.5. Who can read my data if I use an INFN-Padova public image?

As explained in Public Images for INFN Padova users, the <OperatingSystem>-INFNPadova-x86-64-<date> images allow INFN-Padova system administrators to log in with admin privileges to the instances created using these images.