### List of Amazon S3 Bucket APIs not supported on MinIO

- BucketACL (Use [bucket policies](https://docs.min.io/community/minio-object-store/administration/identity-access-management/policy-based-access-control.html) instead)

		// part of JWT custom claims.
		policySet, ok := policy.GetPoliciesFromClaims(claims, iamPolicyClaimNameOpenID())
		policies := strings.Join(policySet.ToSlice(), ",")
		if ok {
			policyName = globalIAMSys.CurrentPolicies(policies)
		}

		if newGlobalAuthZPluginFn() == nil {
			if !ok {
				writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue,

	"github.com/minio/minio/internal/auth"
	"github.com/minio/mux"
	xldap "github.com/minio/pkg/v3/ldap"
	"github.com/minio/pkg/v3/policy"
)

// ListLDAPPolicyMappingEntities lists users/groups mapped to given/all policies.
//
// GET <admin-prefix>/idp/ldap/policy-entities?[query-params]
//
// Query params:
//
//	user=... -> repeatable query parameter, specifying users to query for
//	policy mapping
//

	}

	time.Sleep(4 * time.Second)

	policies, err := globalIAMSys.PolicyDBGet(ucreds.AccessKey)
	if err != nil {
		t.Fatalf("unable to get policy to credential, %s", err)
	}

	if len(policies) == 0 {
		t.Fatal("no policies found")
	}

	if policies[0] != "consoleAdmin" {
		t.Fatalf("expected 'consoleAdmin', %s", policies[0])
	}
}

	err := s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}

	userReq := madmin.PolicyAssociationReq{
		Policies: []string{"readwrite"},
		User:     accessKey,
	}
	if _, err := s.adm.AttachPolicy(ctx, userReq); err != nil {
		c.Fatalf("Unable to attach policy: %v", err)
	}

- Creation and deletion of buckets and objects
- Creation and deletion of all IAM users, groups, policies and their mappings to users or groups
- Creation of STS credentials
- Creation and deletion of service accounts (except those owned by the root user)
- Changes to Bucket features such as:
  - Bucket Policies
  - Bucket Tags
  - Bucket Object-Lock configurations (including retention and legal hold configuration)

- The user can now use these credentials to make requests to the MinIO server.

The administrator will associate IAM access policies with each group and if required with the user too. The MinIO server then evaluates applicable policies on a user (these are the policies associated with the groups along with the policy on the user if any) to check if the request should be allowed or denied.

				if policy.IsEmpty() {
					err = globalIAMSys.DeletePolicy(ctx, policyName, true)
					removed.Policies = append(removed.Policies, policyName)
				} else {
					_, err = globalIAMSys.SetPolicy(ctx, policyName, policy)
					added.Policies = append(added.Policies, policyName)
				}
				if err != nil {
					writeErrorResponseJSON(ctx, w, importError(ctx, err, allPoliciesFile, policyName), r.URL)

versions of an object in one bucket. For example, you could store `spark.csv` (version `ede336f2`) and `spark.csv` (version `fae684da`) in a single bucket. Versioning protects you from unintended overwrites, deletions, protect objects with retention policies.

To control data retention and storage usage, use object versioning with [object lifecycle management](https://github.com/minio/minio/blob/master/docs/bucket/lifecycle/README.md).  If you have an object expiration lifecycle policy in your...

iam-assets/policies.json {"consoleAdmin":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:*"]},{"Effect":"Allow","Action":["kms:*"]},{"Effect":"Allow","Action":["s3:*"],"Resource":["arn:aws:s3:::*"]}]},diagnostics":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:TopLocksInfo","admin:BandwidthMonitor","admin:ConsoleLog","admin:OBDInfo","admin:Profiling","admin:Prometheus","admin:ServerInfo","admin:ServerTrace"],"Resource":["arn:aws:s3:::*"]}]},rea...