Hello @awcchungster,
Welcome to the forum!
You can create a derived access grant from any access grant, but it will be limited by the scope of the original access grant. For example, if you have a root access grant, you can create a new access grant limited to any buckets/objects.
If you have a limited access grant, for example one limited to a single bucket, then you can create a new access grant, which will be limited to this bucket too, but you can make it more restrictive and/or allow access to only some prefixes inside the bucket or even single objects.
See Sharing Your First Object - Storj DCS
Regarding usage of the S3 protocol for sharing: it's not a great idea, because you skip all the key Storj features, such as p2p distribution (which is related to the location of your clients, not to the selected region as with S3-compatible); granular permissions for shared buckets/prefixes/objects (because you cannot change the access on the S3 level, you will need to generate a new access grant with the needed permissions and new keys); and client-side encryption (with S3 it will be server-side encryption).
If you are starting fresh, I would recommend using a native integration instead of the limited S3 protocol.
See available libraries: Storj Client Libraries - Storj DCS and Storj - Third Party · GitHub
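The narrowing rule described in the post above (a derived access grant can only be as broad as, or narrower than, its parent) can be modelled as a chain of restrictions that only ever grows. This is an added example, not code from the post or from Storj: it assumes a simplified HMAC-chained caveat scheme, and the names `Caveat`, `Grant`, `derive`, `authorize` and all sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Caveat:
    """One restriction: a bucket, a key prefix inside it, and allowed actions."""
    bucket: str
    prefix: str = ""
    actions: frozenset = frozenset({"read", "write", "list", "delete"})

    def permits(self, bucket, key, action):
        return (bucket == self.bucket and key.startswith(self.prefix)
                and action in self.actions)

    def encode(self):
        return "|".join([self.bucket, self.prefix, ",".join(sorted(self.actions))]).encode()

@dataclass(frozen=True)
class Grant:
    caveats: tuple  # every caveat in the chain must permit a request
    tag: bytes      # HMAC chained over the caveats, rooted in the secret

def root_grant(secret):
    # No caveats: the root grant is unrestricted.
    return Grant((), hmac.new(secret, b"root", hashlib.sha256).digest())

def derive(parent, caveat):
    """Any holder of `parent` can append a caveat; nobody can remove one."""
    tag = hmac.new(parent.tag, caveat.encode(), hashlib.sha256).digest()
    return Grant(parent.caveats + (caveat,), tag)

def authorize(secret, grant, bucket, key, action):
    """Verifier side: recompute the chain, then apply every caveat."""
    tag = hmac.new(secret, b"root", hashlib.sha256).digest()
    for c in grant.caveats:
        tag = hmac.new(tag, c.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, grant.tag):
        return False  # caveat list was altered after derivation
    return all(c.permits(bucket, key, action) for c in grant.caveats)

# Constructed sample values, not real credentials.
SECRET = b"constructed-root-secret"
root = root_grant(SECRET)
photos = derive(root, Caveat("photos"))                          # one bucket
album_ro = derive(photos, Caveat("photos", "2023/", frozenset({"read", "list"})))
widened = derive(photos, Caveat("backups"))  # attempt to reach another bucket
stripped = Grant((), photos.tag)             # attempt to drop the bucket caveat
```

Deriving from `photos` with a caveat for another bucket yields a grant that permits nothing, and removing a caveat breaks the tag, so the child can never exceed the parent's scope.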