# OPA Quickstart Guide [![Slack](https://slack.minio.io/slack?type=svg)](https://slack.minio.io) OPA is a lightweight general-purpose policy engine that can be co-located with MinIO server, in this document we talk about how to use OPA HTTP API to authorize requests. It can be used with any type of credentials (STS based like OpenID or LDAP, regular IAM users or service accounts). OPA is enabled through MinIO's Access Management Plugin feature. ## Get started ### 1. Start OPA in a container ```sh podman run -it \ --name opa \ --publish 8181:8181 \ docker.io/openpolicyagent/opa:0.40.0-rootless \ run --server \ --log-format=json-pretty \ --log-level=debug \ --set=decision_logs.console=true ``` ### 2. Create a sample OPA Policy In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`: ```sh cat > example.rego <