fix: access for root user's STS credential (#13947)

add a test to cover this case
2025-11-06 20:33:07 -05:00 · 2021-12-19 23:05:20 -08:00
parent 0557e18472
commit 1f4e0bd17c
2 changed files with 80 additions and 0 deletions
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -1425,6 +1425,8 @@ func (sys *IAMSys) IsAllowedSTS(args iampolicy.Args, parentUser string) bool {
 			return false
 		}
 		policies = newMappedPolicy(sys.rolesMap[arn]).toSlice()
+	} else if parentUser == globalActiveCred.AccessKey {
+		policies = []string{"consoleAdmin"}
 	} else {
 		// Lookup the parent user's mapping if there's no role-ARN.
 		mp, ok := sys.store.GetMappedPolicy(parentUser, false)