// error returned in IAM subsystem when policy doesn't exist.
var errNoSuchPolicy = errors.New("Specified canned policy does not exist")

// error returned when policy to be deleted is in use.
var errPolicyInUse = errors.New("Specified policy is in use and cannot be deleted.")

// error returned when more than a single policy is specified when only one is
// expected.

		return
	}

	if s3Error := checkRequestAuthType(ctx, r, policy.ListBucketVersionsAction, bucket, ""); s3Error != ErrNone {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL)
		return
	}
	var checkObjMeta metaCheckFn
	if metadata {
		checkObjMeta = func(name string, action policy.Action) (s3Err APIErrorCode) {
			return checkRequestAuthType(ctx, r, action, bucket, name)
		}
	}

}
```

Now you have successfully configured Dex IdP with MinIO.

> NOTE: Dex supports groups with external connectors so you can use `groups` as policy claim instead of `name`.

```
export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
```

and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`

## Explore Further

	exit_1
fi

./mc admin policy remove minio3 projecta

sleep 10
./mc admin policy info minio1 projecta
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy info minio2 projecta
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5

client_id     (string)    unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"

### Policy

An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the canned policy name and the policy set here. You cannot use this policy to grant more permissions than those allowed by the canned policy name being assumed.

		s3Error = checkRequestAuthType(ctx, r, policy.GetObjectVersionAttributesAction, bucket, object)
		if s3Error == ErrNone {
			s3Error = checkRequestAuthType(ctx, r, policy.GetObjectVersionAction, bucket, object)
		}
	} else {
		s3Error = checkRequestAuthType(ctx, r, policy.GetObjectAttributesAction, bucket, object)
		if s3Error == ErrNone {
			s3Error = checkRequestAuthType(ctx, r, policy.GetObjectAction, bucket, object)
		}
	}

import jcifs.smb1.dcerpc.DcerpcHandle;
import jcifs.smb1.dcerpc.rpc;
import jcifs.smb1.smb1.SmbException;

/**
 * LSA policy handle for Local Security Authority operations.
 */
public class LsaPolicyHandle extends rpc.policy_handle {

    DcerpcHandle handle;

    /**
     * Constructs an LSA policy handle.
     *
     * @param handle the DCERPC handle
     * @param server the server name

 */

package jcifs.dcerpc.msrpc;

import jcifs.dcerpc.ndr.NdrObject;

/**
 * MS-RPC query information policy operation.
 *
 * This class implements the LSARPC QueryInformationPolicy operation
 * for retrieving policy information from the Local Security Authority (LSA).
 */
public class MsrpcQueryInformationPolicy extends lsarpc.LsarQueryInformationPolicy {

    /**

@Deprecated
class DefaultGraphConflictResolutionPolicyTest {
    GraphConflictResolutionPolicy policy;
    MetadataGraphEdge e1;
    MetadataGraphEdge e2;
    MetadataGraphEdge e3;

    // ------------------------------------------------------------------------------------------
    @BeforeEach
    void setUp() throws Exception {
        policy = new DefaultGraphConflictResolutionPolicy();