Determining when to use the different tools for generating Access Grants is driven by the use of the underlying tool. You can generate an Access Grant in the Storj Console, or you can use either our Go Library or Create Access Grant in CLI.
In general, you use the Storj Console to create an Access Grant that is then used to set up whatever client tool you are using. In order to configure and use the CLI or an application like FileZilla Native Integration or Rclone you must first Create an Access Grant to configure the client. You may create an unrestricted Access Grant or Restricted Access Grant with limited access. The Storj Console is also used to generate credentials if you want to use an application with the Storj hosted S3-compatible gateway.
Remember: When you use an Access Grant to generate credentials for the Storj hosted S3-compatible gateway, the hosted gateway uses server-side encryption. If end-to-end encryption is essential for your use case, you should encrypt your data before sending it to the hosted gateway, or use a self-hosted S3-compatible Gateway.
Once you have created an Access Grant from the Storj Console, the CLI, client library or other client tool can then use that Access Grant to interact with the Storj service, or create additional restricted Access Grants - child Access Grants of the parent created in the Storj Console. The Uplink Client can be used to create additional child Restricted Access Grants.
Remember: When you create child Restricted Access Grants from a parent Restricted Access Grant, the child Restricted Access Grants can have the same level of access as the parent or less access, but never more.
For example: A parent Restricted Access Grant that only has Read and Write access to a particular may be used to create child Restricted Access Grants that have Read-only access to the bucket or just one path within that bucket. But, a parent Restricted Access Grant that only has Read and Write access to a particular may NOT be used to create child Restricted Access Grants that have Read-write-delete access to the bucket or another path within another bucket to which the parent Restricted Access Grant does not have any access.