```
mc admin policy attach myminio getonly --user=newuser
```

### 3. Create a new group

```
mc admin group add myminio newgroup newuser
```

Once the group is successfully created you can now apply the `getonly` policy for this group.

```
mc admin policy attach myminio getonly --group=newgroup
```

### 4. Disable user

Disable user `newuser`.

#### Время ответа помогает злоумышленникам { #the-time-to-answer-helps-the-attackers }

Замечая, что сервер прислал «Неверное имя пользователя или пароль» на несколько микросекунд позже, злоумышленники поймут, что какая-то часть была угадана — начальные буквы верны.

    # Return some error
    ...
```

Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks" (ataques de temporização).

### Ataques de Temporização { #timing-attacks }

Mas o que é um "timing attack" (ataque de temporização)?

Vamos imaginar que alguns invasores estão tentando adivinhar o usuário e a senha.

- For volumes that allow attaches across multiple nodes, attach and detach operations across different nodes are now executed in parallel. ([#89241](https://github.com/kubernetes/kubernetes/pull/89241), [@verult](https://github.com/verult)) [SIG Apps, Node and Storage]

* attachdetach controller attaches volumes immediately when Pod's PVCs are bound ([#66863](https://github.com/kubernetes/kubernetes/pull/66863), [@cofyc](https://github.com/cofyc))

                + " It is derived from the main artifact.");
    }

    @Override
    public String getBaseVersion() {
        return parent.getBaseVersion();
    }

    @Override
    public void setBaseVersion(String baseVersion) {
        throw new UnsupportedOperationException("Cannot change the version information for an attached artifact."

			c.Fatalf("Expected exactly one policy attached to user")
		case entities.UserMappings[0].Policies[0] != policy:
			c.Fatalf("Expected attached policy `%s`, found `%s`", policy, entities.UserMappings[0].Policies[0])
		case len(entities.UserMappings[0].MemberOfMappings) != 1:
			c.Fatalf("Expected exactly one group attached to user")

  /**
   * Returns the tag attached with [type] as a key, or null if no tag is attached with that key.
   *
   * The tags on a call are seeded from the [request tags][Request.tag]. This set will grow if new
   * tags are computed.
   */
  fun <T : Any> tag(type: KClass<T>): T?

  /**
   * Returns the tag attached with [type] as a key, or null if no tag is attached with that key.
   *

		}()
	} else {
		// Create a regular user and attach consoleAdmin policy
		err := s.adm.AddUser(ctx, "foobar", "foobar123")
		if err != nil {
			c.Fatalf("could not create user")
		}

		_, err = s.adm.AttachPolicy(ctx, madmin.PolicyAssociationReq{
			Policies: []string{"consoleAdmin"},
			User:     "foobar",
		})
		if err != nil {
			c.Fatalf("could not attach policy")
		}

#### Die Zeit zum Antworten hilft den Angreifern { #the-time-to-answer-helps-the-attackers }