Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 5 of 5 for denyOnly (0.1 sec)

  1. cmd/admin-handlers-users.go

    	}
    
    	denyOnly := (targetUser == cred.AccessKey || targetUser == cred.ParentUser)
    	if ldap && !denyOnly {
    		res, _ := globalIAMSys.LDAPConfig.GetValidatedDNForUsername(targetUser)
    		if res.NormDN == cred.ParentUser {
    			denyOnly = true
    		}
    	}
    
    	// Check if action is allowed if creating access key for another user
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Oct 03 23:11:02 UTC 2024
    - 85.1K bytes
    - Viewed (0)
  2. docs/iam/access-management-plugin.md

            "minio"
          ],
          "username": [
            "minio"
          ],
          "versionid": [
            ""
          ]
        },
        "owner": true,
        "object": "",
        "claims": {},
        "denyOnly": false
      }
    }
    ```
    
    </details>
    
    The response expected by MinIO, is a JSON body with a boolean:
    
    ```json
    {
        "result": true
    }
    ```
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Dec 13 22:28:48 UTC 2022
    - 4.4K bytes
    - Viewed (0)
  3. cmd/admin-handlers-idp-ldap.go

    			Groups:          cred.Groups,
    			Action:          policy.ListServiceAccountsAdminAction,
    			ConditionValues: getConditionValues(r, "", cred),
    			IsOwner:         owner,
    			Claims:          cred.Claims,
    			DenyOnly:        true,
    		}) {
    			writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
    			return
    		}
    		userDN = cred.AccessKey
    		if cred.ParentUser != "" {
    			userDN = cred.ParentUser
    		}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sat Sep 21 11:35:40 UTC 2024
    - 19.1K bytes
    - Viewed (0)
  4. cmd/auth-handler.go

    			BucketName:      bucket,
    			ConditionValues: getConditionValues(r, "", cred),
    			ObjectName:      object,
    			IsOwner:         owner,
    			Claims:          cred.Claims,
    			DenyOnly:        true,
    		}) { // Request is not allowed if Deny action on DeleteObjectVersionAction
    			return ErrAccessDenied
    		}
    	}
    	if globalIAMSys.IsAllowed(policy.Args{
    		AccountName:     cred.AccessKey,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 17 16:45:46 UTC 2024
    - 26.1K bytes
    - Viewed (0)
  5. cmd/sts-handlers.go

    			if err != nil {
    				writeSTSErrorResponse(ctx, w, ErrSTSAccessDenied, err)
    				return
    			}
    		}
    
    		if !globalIAMSys.doesPolicyAllow(p, policy.Args{
    			DenyOnly:        true,
    			Action:          policy.AssumeRoleWithWebIdentityAction,
    			ConditionValues: getSTSConditionValues(r, "", cred),
    			Claims:          cred.Claims,
    		}) {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Aug 15 01:29:20 UTC 2024
    - 33.9K bytes
    - Viewed (0)
Back to top