Fence has multiple options that provide a mechanism to access data. The access to data can be moderated through authorization information in a User Access File.
Users can be provided specific privilege's on projects in the User Access
File. A project is identified by a unique authorization identifier AKA auth_id.
A project can be associated with various storage backends that store
object data for that given project. You can assign read-storage and write-storage
privileges to users who should have access to that stored object data. read and
write allow access to the data stored in a graph database.
Depending on the backend, Fence can be configured to provide users access to the data in different ways.
Temporary signed URLs are supported in all major commercial clouds. Signed URLs are the most 'cloud agnostic' way to allow users to access data located in different platforms.
Fence has the ability to request a specific file by its GUID (globally unique identifier) and retrieve a temporary signed URL for object data in AWS or GCP that will provide direct access to that object.