diff --git a/cmd/bucket-object-lock.go b/cmd/bucket-object-lock.go
index 1ffcb8cc7..cbfc557a2 100644
--- a/cmd/bucket-object-lock.go
+++ b/cmd/bucket-object-lock.go
@@ -156,11 +156,8 @@ func enforceRetentionBypassForDelete(ctx context.Context, r *http.Request, bucke
 return ErrNone
 }
 // https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
- // If you try to delete objects protected by governance mode and have s3:BypassGovernanceRetention
- // or s3:GetBucketObjectLockConfiguration permissions, the operation will succeed.
- govBypassPerms1 := checkRequestAuthType(ctx, r, policy.BypassGovernanceRetentionAction, bucket, object.ObjectName)
- govBypassPerms2 := checkRequestAuthType(ctx, r, policy.GetBucketObjectLockConfigurationAction, bucket, object.ObjectName)
- if govBypassPerms1 != ErrNone && govBypassPerms2 != ErrNone {
+ // If you try to delete objects protected by governance mode and have s3:BypassGovernanceRetention, the operation will succeed.
+ if checkRequestAuthType(ctx, r, policy.BypassGovernanceRetentionAction, bucket, object.ObjectName) != ErrNone {
 return ErrAccessDenied
 }
 }
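Review bot: Nothing in this hunk pins the tightened rule, so the comment above the check should say explicitly that a read-only permission must never authorize a governance bypass, e.g. `// Only s3:BypassGovernanceRetention authorizes deleting a governance-locked version; read access to the lock configuration must not.` A regression test in which the caller holds only s3:GetBucketObjectLockConfiguration and the delete of a governance-locked object returns ErrAccessDenied would keep the old OR condition from creeping back; no test is visible in this diff. The check also maps every failure from `checkRequestAuthType` to `ErrAccessDenied`, which hides signature or credential errors from anyone triaging denied bypass attempts. The function body starts and ends outside the hunk, so whether other retention-bypass paths carried the same two-permission condition cannot be seen here and is worth checking.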