`, bucket, bucket))

	err = s.adm.AddCannedPolicy(ctx, policy, policyBytes)
	if err != nil {
		c.Fatalf("policy add error: %v", err)
	}

	accessKey, secretKey := mustGenerateCredentials(c)
	err = s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}

	err = s.adm.SetPolicy(ctx, policy, accessKey, false)
	if err != nil {

	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

	// 1. Create a user.
	accessKey, secretKey := mustGenerateCredentials(c)
	err := s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}

	// 2. Check new user appears in listing
	usersMap, err := s.adm.ListUsers(ctx)
	if err != nil {

	}

	userCount := 50
	accessKeys := make([]string, userCount)
	secretKeys := make([]string, userCount)
	for i := 0; i < userCount; i++ {
		accessKey, secretKey := mustGenerateCredentials(c)
		err = s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
		if err != nil {
			c.Fatalf("Unable to set user: %v", err)
		}

		err = s.adm.SetPolicy(ctx, policy, accessKey, false)
		if err != nil {

	if endpoint == "" {
		return nil, errors.New("invalid argument")
	}

	args := &OperatorDNS{
		Endpoint: endpoint,
	}
	for _, setter := range setters {
		setter(args)
	}
	args.httpClient = &http.Client{
		Transport: &http.Transport{
			Proxy: http.ProxyFromEnvironment,
			DialContext: (&net.Dialer{
				Timeout:   3 * time.Second,

			// Ignore any deletion error.
			_, _ = sys.PolicyDBSet(ctx, origKeys[0], "", stsUser, isGroup)
		}
	}
	return nil
}

// GetUser - get user credentials
func (sys *IAMSys) GetUser(ctx context.Context, accessKey string) (u UserIdentity, ok bool) {
	if !sys.Initialized() {
		return u, false
	}

	if accessKey == globalActiveCred.AccessKey {

			// to retry with 503 errors when server is coming up.
			return auth.Credentials{}, false, ErrServerNotInitialized
		}

		// Check if the access key is part of users credentials.
		u, ok := globalIAMSys.GetUser(r.Context(), accessKey)
		if !ok {
			// Credentials could be valid but disabled - return a different
			// error in such a scenario.
			if u.Credentials.Status == auth.AccountOff {

	blobURL := az.serviceURL.NewContainerURL(az.Bucket).NewBlockBlobURL(az.getDest(object))
	// set tier if specified -
	if az.StorageClass != "" {
		if _, err := blobURL.SetTier(ctx, az.tier(), azblob.LeaseAccessConditions{}, azblob.RehydratePriorityStandard); err != nil {
			return "", azureToObjectError(err, az.Bucket, object)
		}
	}

// HasWatcher - returns if the storage system has a watcher.
func (store *IAMStoreSys) HasWatcher() bool {
	_, ok := store.IAMStorageAPI.(iamStorageWatcher)
	return ok
}

// GetUser - fetches credential from memory.
func (store *IAMStoreSys) GetUser(user string) (UserIdentity, bool) {
	cache := store.rlock()
	defer store.runlock()

	u, ok := cache.iamUsersMap[user]
	if !ok {
		// Check the sts map

```

> The admin user running this command needs the "admin:SetTier" and "admin:ListTier" permissions if not running as root.

Using above tier, set up a lifecycle rule with transition:

```
 mc ilm add --expiry-days 365 --transition-days 45 --storage-class "AZURETIER" myminio/srcbucket

							"accessKey": c.User(),
						},
						Extensions: make(map[string]string),
					}, nil
				}
				return nil, errAuthentication
			}

			ui, ok := globalIAMSys.GetUser(context.Background(), c.User())
			if !ok {
				return nil, errNoSuchUser
			}

			if subtle.ConstantTimeCompare([]byte(ui.Credentials.SecretKey), pass) == 1 {
				return &ssh.Permissions{