2019-04-09 14:39:42 -04:00
# MinIO Multi-user Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
MinIO supports multiple long term users in addition to default user created during server startup. New users can be added after server starts up, and server can be configured to deny or allow access to buckets and resources to each of these users. This document explains how to add/remove users and modify their access rights.
2018-10-19 03:05:44 -04:00
2018-10-09 17:00:01 -04:00
## Get started
In this document we will explain in detail on how to configure multiple users.
### 1. Prerequisites
2019-04-09 14:39:42 -04:00
- Install mc - [MinIO Client Quickstart Guide ](https://docs.min.io/docs/minio-client-quickstart-guide.html )
- Install MinIO - [MinIO Quickstart Guide ](https://docs.min.io/docs/minio-quickstart-guide )
2018-12-26 20:52:18 -05:00
- Configure etcd (optional needed only in gateway or federation mode) - [Etcd V3 Quickstart Guide ](https://github.com/minio/minio/blob/master/docs/sts/etcd.md )
2018-10-09 17:00:01 -04:00
2018-10-19 03:05:44 -04:00
### 2. Create a new user with canned policy
2019-04-09 14:39:42 -04:00
Use [`mc admin policy` ](https://docs.min.io/docs/minio-admin-complete-guide.html#policies ) to create canned policies. Server provides a default set of canned policies namely `writeonly` , `readonly` and `readwrite` *(these policies apply to all resources on the server)* . These can be overridden by custom policies using `mc admin policy` command.
2018-10-19 03:05:44 -04:00
Create new canned policy file `getonly.json` . This policy enables users to download all objects under `my-bucketname` .
2018-10-09 17:00:01 -04:00
```json
2018-10-16 15:48:19 -04:00
cat > getonly.json < < EOF
2018-10-09 17:00:01 -04:00
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucketname/*"
],
"Sid": ""
}
]
}
2018-10-16 15:48:19 -04:00
EOF
2018-10-19 03:05:44 -04:00
```
2018-10-16 15:48:19 -04:00
2018-10-19 03:05:44 -04:00
Create new canned policy by name `getonly` using `getonly.json` policy file.
```
2018-11-29 18:50:57 -05:00
mc admin policy add myminio getonly getonly.json
2018-10-16 15:48:19 -04:00
```
2019-04-09 14:39:42 -04:00
Create a new user `newuser` on MinIO use `mc admin user` , specify `getonly` canned policy for this `newuser` .
2018-10-16 15:48:19 -04:00
```
2018-11-29 18:50:57 -05:00
mc admin user add myminio newuser newuser123 getonly
2018-10-09 17:00:01 -04:00
```
2018-10-16 23:39:44 -04:00
### 3. Disable user
Disable user `newuser` .
2018-10-09 17:00:01 -04:00
```
2018-11-29 18:50:57 -05:00
mc admin user disable myminio newuser
2018-10-09 17:00:01 -04:00
```
### 4. Remove user
Remove the user `newuser` .
```
2018-11-29 18:50:57 -05:00
mc admin user remove myminio newuser
2018-10-09 17:00:01 -04:00
```
2018-10-16 23:39:44 -04:00
2018-10-19 03:05:44 -04:00
### 5. Change user policy
Change the policy for user `newuser` to `putonly` canned policy.
```
2018-11-29 18:50:57 -05:00
mc admin user policy myminio newuser putonly
2018-10-19 03:05:44 -04:00
```
2018-10-16 23:39:44 -04:00
### 5. List all users
List all enabled and disabled users.
```
2018-11-29 18:50:57 -05:00
mc admin user list myminio
2018-10-16 23:39:44 -04:00
```
2018-11-08 12:42:47 -05:00
### 6. Configure `mc`
```
mc config host add myminio-newuser http://localhost:9000 newuser newuser123 --api s3v4
mc cat myminio-newuser/my-bucketname/my-objectname
```
2018-10-16 23:39:44 -04:00
## Explore Further
2019-04-09 14:39:42 -04:00
- [MinIO Client Complete Guide ](https://docs.min.io/docs/minio-client-complete-guide )
- [MinIO STS Quickstart Guide ](https://docs.min.io/docs/minio-sts-quickstart-guide )
- [MinIO Admin Complete Guide ](https://docs.min.io/docs/minio-admin-complete-guide.html )
- [The MinIO documentation website ](https://docs.min.io )