*/
public interface DcerpcError {

    /**
     * Generic fault code for other errors
     */
    int DCERPC_FAULT_OTHER = 0x00000001;
    /**
     * Access denied fault code
     */
    int DCERPC_FAULT_ACCESS_DENIED = 0x00000005;
    /**
     * Cannot perform operation fault code
     */
    int DCERPC_FAULT_CANT_PERFORM = 0x000006D8;
    /**

 * </p>
 * <ul>
 *   <li>Initialize the client with SMB authentication details.</li>
 *   <li>Retrieve content and metadata from SMB files.</li>
 *   <li>Process access control entries to determine allowed and denied SIDs (Security Identifiers).</li>
 *   <li>Handle timeouts during SMB operations.</li>
 * </ul>
 *
 * <p>
 * The client uses a {@link SmbAuthenticationHolder} to manage SMB authentication credentials.

	// Validate that the client cannot remove any objects
	err = minioClient.RemoveObject(ctx, bucket, "someobject", minio.RemoveObjectOptions{})
	if err.Error() != "Access Denied." {
		c.Fatalf("unexpected non-access-denied err: %v", err)
	}
}

func (s *TestSuiteIAM) TestSTSWithGroupPolicy(c *check) {
	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

        assertNotNull(messages[0]);
        assertTrue(messages[0].toLowerCase().contains("success") || messages[0].toLowerCase().contains("completed"));
    }

    @Test
    @DisplayName("Should handle access denied status")
    void testAccessDeniedStatus() {
        // Given
        int status = NtStatus.NT_STATUS_ACCESS_DENIED;

        // When/Then
        assertEquals((int) 0xC0000022L, status);

     * If access is not allowed, returns an unauthorized error response.
     *
     * @param runtime the action runtime context containing request information
     * @return ActionResponse with unauthorized error if access denied, otherwise delegates to parent
     */
    @Override
    public ActionResponse godHandPrologue(final ActionRuntime runtime) {
        if (!isAccessAllowed()) {

	globalCertsCADir = defaultCertsCADir
)

// Get - returns current directory.
func (dir *ConfigDir) Get() string {
	return dir.path
}

// Attempts to create all directories, ignores any permission denied errors.
func mkdirAllIgnorePerm(path string) error {
	err := os.MkdirAll(path, 0o700)
	if err != nil {
		// It is possible in kubernetes like deployments this directory

 * </p>
 * <ul>
 *   <li>Initialize the client with SMB authentication details.</li>
 *   <li>Retrieve content and metadata from SMB files.</li>
 *   <li>Process access control entries to determine allowed and denied SIDs (Security Identifiers).</li>
 *   <li>Handle timeouts during SMB operations.</li>
 * </ul>
 *
 * <p>
 * The client uses a {@link SmbAuthenticationHolder} to manage SMB authentication credentials.

			//   HTTP status code 404 ("no such key")
			//   error.
			// * if you don’t have the s3:ListBucket
			//   permission, Amazon S3 will return an HTTP
			//   status code 403 ("access denied") error.`
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
				Action:          policy.ListBucketAction,
				BucketName:      bucket,
				ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),

    }

    public void test_throwAndCatch() {
        // Test throwing and catching the exception
        int expectedStatusCode = 403;
        String expectedMessage = "Access denied";

        try {
            throw new WebApiException(expectedStatusCode, expectedMessage);
        } catch (WebApiException e) {
            assertEquals(expectedStatusCode, e.getStatusCode());

	return "Object exists on : " + e.Bucket + " as directory " + e.Object
}

// PrefixAccessDenied object access is denied.
type PrefixAccessDenied GenericError

func (e PrefixAccessDenied) Error() string {
	return "Prefix access is denied: " + e.Bucket + SlashSeparator + e.Object
}

// BucketExists bucket exists.
type BucketExists GenericError

func (e BucketExists) Error() string {