// The caller did not ask to update status account, do nothing
	case "":
	case string(madmin.AccountEnabled):
		cr.Status = auth.AccountOn
	case string(madmin.AccountDisabled):
		cr.Status = auth.AccountOff
	// Update account status
	case auth.AccountOn, auth.AccountOff:
		cr.Status = opts.status
	default:
		return updatedAt, errors.New("unknown account status value")
	}

	c.assertSvcAccS3Access(ctx, s, cr, bucket)

	// 3. Check that svc account can restrict the policy, and that the
	// session policy can be updated.
	c.assertSvcAccSessionPolicyUpdate(ctx, s, s.adm, accessKey, bucket)

	// 4. Check that service account's secret key and account status can be
	// updated.
	c.assertSvcAccSecretKeyAndStatusUpdate(ctx, s, s.adm, accessKey, bucket)

	// As the session policy exists, even if the parent is the root account, it
	// must be restricted by it. So, we set `.IsOwner` to false here
	// unconditionally.
	//
	// We also set `DenyOnly` arg to false here - this is an IMPORTANT corner
	// case: DenyOnly is used only for allowing an account to do actions related
	// to its own account (like create service accounts for itself, among

		return
	}

	// Permission checks:
	//
	// 1. Any type of account (i.e. access keys (previously/still called service
	// accounts), STS accounts, internal IDP accounts, etc) with the
	// policy.UpdateServiceAccountAdminAction permission can update any service
	// account.
	//
	// 2. We would like to let a user update their own access keys, however it

	}

	if tables, err := DB.Migrator().GetTables(); err != nil {
		t.Fatalf("Failed to get database all tables, but got error %v", err)
	} else {
		for _, t1 := range []string{"users", "accounts", "pets", "companies", "toys", "languages", "tools"} {
			hasTable := false
			for _, t2 := range tables {
				if t2 == t1 {
					hasTable = true
					break
				}
			}
			if !hasTable {

	if accessKey == "" {
		return np, grid.NewRemoteErr(errors.New("service account name is missing"))
	}

	if err := globalIAMSys.DeleteServiceAccount(context.Background(), accessKey, false); err != nil {
		return np, grid.NewRemoteErr(err)
	}

	return np, nerr
}

// LoadServiceAccountHandler - reloads a service account on the server.

labels.ldap_admin_security_principal=Bind DN
labels.ldap_admin_security_credentials=Password
labels.ldap_base_dn=Base DN
labels.ldapAccountFilter=Account Filter
labels.ldapGroupFilter=Group Filter
labels.ldapMemberofAttribute=memberOf Attribute
labels.ldap_account_filter=Account Filter
labels.ldap_group_filter=Group Filter
labels.ldap_memberof_attribute=memberOf Attribute
labels.notification_login=Login Page

	},
	ErrAccountNotEligible: {
		Code:           "XMinioInvalidIAMCredentials",
		Description:    "The account key is not eligible for this operation",
		HTTPStatusCode: http.StatusForbidden,
	},
	ErrAdminServiceAccountNotFound: {
		Code:           "XMinioInvalidIAMCredentials",
		Description:    "The specified service account is not found",
		HTTPStatusCode: http.StatusNotFound,
	},
	ErrPostPolicyConditionInvalidFormat: {

labels.ldap_admin_security_principal=DN bind
labels.ldap_admin_security_credentials=Password
labels.ldap_base_dn=DN base
labels.ldapAccountFilter=Filtro account
labels.ldapGroupFilter=Filtro gruppo
labels.ldapMemberofAttribute=Attributo memberOf
labels.ldap_account_filter=Filtro account
labels.ldap_group_filter=Filtro gruppo
labels.ldap_memberof_attribute=Attributo memberOf
labels.notification_login=Pagina di login

labels.ldap_admin_security_principal=Bind DN
labels.ldap_admin_security_credentials=Password
labels.ldap_base_dn=Base DN
labels.ldapAccountFilter=Account Filter
labels.ldapGroupFilter=Group Filter
labels.ldapMemberofAttribute=memberOf Attribute
labels.ldap_account_filter=Account Filter
labels.ldap_group_filter=Group Filter
labels.ldap_memberof_attribute=memberOf Attribute
labels.notification_login=Login Page