func (store *IAMStoreSys) GetPolicy(name string) (policy.Policy, error) {
	if name == "" {
		return policy.Policy{}, errInvalidArgument
	}

	cache := store.rlock()
	defer store.runlock()

	policies := newMappedPolicy(name).toSlice()
	var toMerge []policy.Policy
	for _, policy := range policies {
		if policy == "" {
			continue
		}
		v, ok := cache.iamPolicyDocsMap[policy]

    loadBalancingWeight: 3
    locality: {}
  policy:
    overprovisioningFactor: 140
- clusterName: sds-grpc
  endpoints:
  - lbEndpoints:
    - endpoint:
        address:
          pipe:
            path: ./var/run/secrets/workload-spiffe-uds/socket
        healthCheckConfig: {}
      healthStatus: HEALTHY
      loadBalancingWeight: 1
    locality: {}
  policy:
    overprovisioningFactor: 140

	sessionPolicyArgs.IsOwner = false

	// Sub policy is set and valid.
	return hasSessionPolicy, subPolicy.IsAllowed(sessionPolicyArgs)
}

// GetCombinedPolicy returns a combined policy combining all policies
func (sys *IAMSys) GetCombinedPolicy(policies ...string) policy.Policy {
	_, policy := sys.store.FilterPolicies(strings.Join(policies, ","), "")
	return policy
}

		c.Fatalf("Expected to fail to create STS cred with no associated policy!")
	}

	// Attempting to set a non-existent policy should fail.
	userDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
	err = s.adm.SetPolicy(ctx, policy+"x", userDN, false)
	if err == nil {
		c.Fatalf("should not be able to set non-existent policy")
	}

	err = s.adm.SetPolicy(ctx, policy, userDN, false)
	if err != nil {

```
mc admin group remove myminio newgroup
```

### 6. Change user or group policy

Change the policy for user `newuser` to `putonly` canned policy.

```
mc admin policy attach myminio putonly --user=newuser
```

Change the policy for group `newgroup` to `putonly` canned policy.

```
mc admin policy attach myminio putonly --group=newgroup
```

### 7. List all users or groups

import "net/http"

// Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml
const crossDomainXML = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`

// Standard path where an app would find cross domain policy information.

		// collect IAM policy replication status across sites
		for p, pslc := range policyStats {
			var policies []*policy.Policy
			uPolicyCount := 0
			for _, ps := range pslc {
				plcy, err := policy.ParseConfig(bytes.NewReader([]byte(ps.SRIAMPolicy.Policy)))
				if err != nil {
					continue
				}
				policies = append(policies, plcy)
				uPolicyCount++

	}

	roleArn := policy.Args{Claims: cred.Claims}.GetRoleArn()
	policySetFromClaims, hasPolicyClaim := policy.GetPoliciesFromClaims(cred.Claims, iamPolicyClaimNameOpenID())
	var effectivePolicy policy.Policy

	var buf []byte
	switch {
	case accountName == globalActiveCred.AccessKey:
		for _, policy := range policy.DefaultPolicies {
			if policy.Name == "consoleAdmin" {

myminio else echo "User '$USER' already exists." fi #clean up credentials files. rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" set +e ; # policy already attach errors out, allow it. ${MC} admin policy attach myminio $POLICY --user=$USER set -e else echo "User '$USER' has no policy attached." fi } # Try connecting to MinIO instance {{- if .Values.tls.enabled }} scheme=https {{- else }} scheme=http {{-...

myminio else echo "User '$USER' already exists." fi #clean up credentials files. rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" set +e ; # policy already attach errors out, allow it. ${MC} admin policy attach myminio $POLICY --user=$USER set -e else echo "User '$USER' has no policy attached." fi } # Try connecting to MinIO instance {{- if .Values.tls.enabled }} scheme=https {{- else }} scheme=http {{-...