// Validate that the client cannot remove any objects
	err = minioClient.RemoveObject(ctx, bucket, "someobject", minio.RemoveObjectOptions{})
	if err.Error() != "Access Denied." {
		c.Fatalf("unexpected non-access-denied err: %v", err)
	}
}

func (s *TestSuiteIAM) TestSTSWithGroupPolicy(c *check) {
	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

            // neither SHARE_READ nor SHARE_WRITE are set
            this.desiredAccess |= SHARING_DENY_READ_WRITE_EXECUTE;
        }

        this.desiredAccess &= ~0x1; // Win98 doesn't like GENERIC_READ ?! -- get Access Denied.

        // searchAttributes
        this.searchAttributes = SmbConstants.ATTR_DIRECTORY | SmbConstants.ATTR_HIDDEN | SmbConstants.ATTR_SYSTEM;

        // openFunction

	globalCertsCADir = defaultCertsCADir
)

// Get - returns current directory.
func (dir *ConfigDir) Get() string {
	return dir.path
}

// Attempts to create all directories, ignores any permission denied errors.
func mkdirAllIgnorePerm(path string) error {
	err := os.MkdirAll(path, 0o700)
	if err != nil {
		// It is possible in kubernetes like deployments this directory

        assertNotNull(messages[0]);
        assertTrue(messages[0].toLowerCase().contains("success") || messages[0].toLowerCase().contains("completed"));
    }

    @Test
    @DisplayName("Should handle access denied status")
    void testAccessDeniedStatus() {
        // Given
        int status = NtStatus.NT_STATUS_ACCESS_DENIED;

        // When/Then
        assertEquals((int) 0xC0000022L, status);

     * If access is not allowed, returns an unauthorized error response.
     *
     * @param runtime the action runtime context containing request information
     * @return ActionResponse with unauthorized error if access denied, otherwise delegates to parent
     */
    @Override
    public ActionResponse godHandPrologue(final ActionRuntime runtime) {
        if (!isAccessAllowed()) {

 * </p>
 * <ul>
 *   <li>Initialize the client with SMB authentication details.</li>
 *   <li>Retrieve content and metadata from SMB files.</li>
 *   <li>Process access control entries to determine allowed and denied SIDs (Security Identifiers).</li>
 *   <li>Handle timeouts during SMB operations.</li>
 * </ul>
 *
 * <p>
 * The client uses a {@link SmbAuthenticationHolder} to manage SMB authentication credentials.

     * @param path the path to the object within the bucket
     * @return the Blob object, or null if the object does not exist
     * @throws CrawlingAccessException if access is denied
     */
    protected Blob getBlob(final String bucketName, final String path) {
        if (StringUtil.isEmpty(path)) {
            return null;
        }

        try {

 * </p>
 * <ul>
 *   <li>Initialize the client with SMB authentication details.</li>
 *   <li>Retrieve content and metadata from SMB files.</li>
 *   <li>Process access control entries to determine allowed and denied SIDs (Security Identifiers).</li>
 *   <li>Handle timeouts during SMB operations.</li>
 * </ul>
 *
 * <p>
 * The client uses a {@link SmbAuthenticationHolder} to manage SMB authentication credentials.

			//   HTTP status code 404 ("no such key")
			//   error.
			// * if you don’t have the s3:ListBucket
			//   permission, Amazon S3 will return an HTTP
			//   status code 403 ("access denied") error.`
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
				Action:          policy.ListBucketAction,
				BucketName:      bucket,
				ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),

	return "Object exists on : " + e.Bucket + " as directory " + e.Object
}

// PrefixAccessDenied object access is denied.
type PrefixAccessDenied GenericError

func (e PrefixAccessDenied) Error() string {
	return "Prefix access is denied: " + e.Bucket + SlashSeparator + e.Object
}

// BucketExists bucket exists.
type BucketExists GenericError

func (e BucketExists) Error() string {