Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for denyOnly (0.34 sec)

  2. github.com/minio/minio

    docs/iam/access-management-plugin.md 

            "minio"
      ],
      "username": [
        "minio"
      ],
      "versionid": [
        ""
      ]
    },
    "owner": true,
    "object": "",
    "claims": {},
    "denyOnly": false
  }
}
```

</details>

The response expected by MinIO, is a JSON body with a boolean:

```json
{
    "result": true
}
```
    Registered: Sun Sep 07 19:28:11 UTC 2025
    - Last Modified: Tue Dec 13 22:28:48 UTC 2022
    - 4.4K bytes
    - Viewed (1)
  3. github.com/minio/minio

    cmd/admin-handlers-users.go 

    	}

	denyOnly := (targetUser == cred.AccessKey || targetUser == cred.ParentUser)
	if ldap && !denyOnly {
		res, _ := globalIAMSys.LDAPConfig.GetValidatedDNForUsername(targetUser)
		if res != nil && res.NormDN == cred.ParentUser {
			denyOnly = true
		}
	}

	// Check if action is allowed if creating access key for another user
    Registered: Sun Sep 07 19:28:11 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 90.6K bytes
    - Viewed (0)
  4. github.com/minio/minio

    cmd/admin-handlers-idp-openid.go 

    		Groups:          cred.Groups,
		Action:          policy.ListServiceAccountsAdminAction,
		ConditionValues: getConditionValues(r, "", cred),
		IsOwner:         owner,
		Claims:          cred.Claims,
		DenyOnly:        selfOnly,
	}) {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
		return
	}

	if selfOnly && len(userList) == 0 {
		selfDN := cred.AccessKey
		if cred.ParentUser != "" {
    Registered: Sun Sep 07 19:28:11 UTC 2025
    - Last Modified: Sat Sep 06 17:38:46 UTC 2025
    - 7.6K bytes
    - Viewed (0)
  5. github.com/minio/minio

    cmd/admin-handlers-idp-ldap.go 

    			Groups:          cred.Groups,
			Action:          policy.ListServiceAccountsAdminAction,
			ConditionValues: getConditionValues(r, "", cred),
			IsOwner:         owner,
			Claims:          cred.Claims,
			DenyOnly:        true,
		}) {
			writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
			return
		}
		userDN = cred.AccessKey
		if cred.ParentUser != "" {
			userDN = cred.ParentUser
		}
    Registered: Sun Sep 07 19:28:11 UTC 2025
    - Last Modified: Fri Aug 08 02:46:04 UTC 2025
    - 19.2K bytes
    - Viewed (0)
  6. github.com/minio/minio

    cmd/sts-handlers.go 

    						fmt.Errorf("None of the given policies (`%s`) are defined, credentials will not be generated", p))
					return
				}
			}
		}

		if !globalIAMSys.doesPolicyAllow(p, policy.Args{
			DenyOnly:        true,
			Action:          policy.AssumeRoleWithWebIdentityAction,
			ConditionValues: getSTSConditionValues(r, "", cred),
			Claims:          cred.Claims,
		}) {
    Registered: Sun Sep 07 19:28:11 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 36.6K bytes
    - Viewed (0)
  7. github.com/minio/minio

    cmd/auth-handler.go 

    			BucketName:      bucket,
			ConditionValues: getConditionValues(r, "", cred),
			ObjectName:      object,
			IsOwner:         owner,
			Claims:          cred.Claims,
			DenyOnly:        true,
		}) { // Request is not allowed if Deny action on DeleteObjectVersionAction
			return ErrAccessDenied
		}
	}
	if globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
    Registered: Sun Sep 07 19:28:11 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 25.4K bytes
    - Viewed (0)
Back to top