s3Error = checkRequestAuthType(ctx, r, policy.GetObjectVersionAttributesAction, bucket, object)
		if s3Error == ErrNone {
			s3Error = checkRequestAuthType(ctx, r, policy.GetObjectVersionAction, bucket, object)
		}
	} else {
		s3Error = checkRequestAuthType(ctx, r, policy.GetObjectAttributesAction, bucket, object)
		if s3Error == ErrNone {
			s3Error = checkRequestAuthType(ctx, r, policy.GetObjectAction, bucket, object)
		}
	}

	exit_1
fi

./mc admin policy remove minio3 projecta

sleep 10
./mc admin policy info minio1 projecta
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy info minio2 projecta
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5

		return
	}

	if s3Error := checkRequestAuthType(ctx, r, policy.ListBucketVersionsAction, bucket, ""); s3Error != ErrNone {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL)
		return
	}
	var checkObjMeta metaCheckFn
	if metadata {
		checkObjMeta = func(name string, action policy.Action) (s3Err APIErrorCode) {
			return checkRequestAuthType(ctx, r, action, bucket, name)
		}
	}

### List of Amazon S3 Bucket APIs not supported on MinIO

- BucketACL (Use [bucket policies](https://docs.min.io/community/minio-object-store/administration/identity-access-management/policy-based-access-control.html) instead)
- BucketCORS (CORS enabled by default on all buckets for all HTTP verbs, you can optionally restrict the CORS domains)

client_id     (string)    unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"

### Policy

An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the canned policy name and the policy set here. You cannot use this policy to grant more permissions than those allowed by the canned policy name being assumed.

}
```

Now you have successfully configured Dex IdP with MinIO.

> NOTE: Dex supports groups with external connectors so you can use `groups` as policy claim instead of `name`.

```
export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
```

and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`

## Explore Further

import jcifs.smb1.dcerpc.DcerpcHandle;
import jcifs.smb1.dcerpc.rpc;
import jcifs.smb1.smb1.SmbException;

/**
 * LSA policy handle for Local Security Authority operations.
 */
public class LsaPolicyHandle extends rpc.policy_handle {

    DcerpcHandle handle;

    /**
     * Constructs an LSA policy handle.
     *
     * @param handle the DCERPC handle
     * @param server the server name

# Security Policy

## Supported Versions

We support the past two Go releases (for example, Go 1.17.x and Go 1.18.x when Go 1.18.x is the latest stable release).

See https://go.dev/wiki/Go-Release-Cycle and in particular the
[Release Maintenance](https://go.dev/wiki/Go-Release-Cycle#release-maintenance)
part of that page.

## Reporting a Vulnerability

 */

package jcifs.dcerpc.msrpc;

import jcifs.dcerpc.ndr.NdrObject;

/**
 * MS-RPC query information policy operation.
 *
 * This class implements the LSARPC QueryInformationPolicy operation
 * for retrieving policy information from the Local Security Authority (LSA).
 */
public class MsrpcQueryInformationPolicy extends lsarpc.LsarQueryInformationPolicy {

    /**