### Policy

An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the canned policy name and the policy set here. You cannot use this policy to grant more permissions than those allowed by the canned policy name being assumed.

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

EY_TMP | ${MC} admin user add myminio else echo "User '$USER' already exists." fi #clean up credentials files. rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached." fi } # Try connecting to MinIO instance {{- if .Values.tls.enabled }} scheme=https {{- else }} scheme=http {{- end }} connectToMinio $scheme {{...

//	policy mapping
//
//	policy=... -> repeatable query parameter, specifying policy to query for
//	user/group mapping
//
// When all query parameters are omitted, returns mappings for all policies.
func (a adminAPIHandlers) ListLDAPPolicyMappingEntities(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Check authorization.

	objectAPI, cred := validateAdminReq(ctx, w, r,

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

       run --server \
           --log-format=json-pretty \
           --log-level=debug \
           --set=decision_logs.console=true
```

### 2. Create a sample OPA Policy

In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`:

```sh
cat > example.rego <<EOF
package httpapi.authz

import input

default allow = false

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...