minio/docs/multi-user
Harshavardhana 54ae364def Introduce STS client grants API and OPA policy integration (#6168)
This PR introduces two new features

- AWS STS compatible STS API named AssumeRoleWithClientGrants

```
POST /?Action=AssumeRoleWithClientGrants&Token=<jwt>
```

This API endpoint returns temporary access credentials, access
tokens signature types supported by this API

  - RSA keys
  - ECDSA keys

Fetches the required public key from the JWKS endpoints, provides
them as rsa or ecdsa public keys.

- External policy engine support, in this case OPA policy engine

- Credentials are stored on disks
2018-10-09 14:00:01 -07:00

Minio multi-user Quickstart Guide

This document explains how to add and revoke users. Multi-user, as the name implies, means Minio supports long-term users in addition to the default credentials; each of these users can be configured to allow or deny access to buckets and resources.

Get started

This document explains in detail how to configure multiple users.

1. Prerequisites

2. Create a new user and policy

Create a new user newuser on Minio using mc admin users, with the policy file newuser.json.

```
mc admin users add myminio newuser newuser123 /tmp/newuser.json
```

An example user policy that enables newuser to download all objects in my-bucketname.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my-bucketname/*"
      ],
      "Sid": ""
    }
  ]
}
```
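As an added example (not part of the Minio documentation or code), the sketch below evaluates the policy above under a simplified AWS-style model, default deny with an explicit Deny overriding any Allow, to show which requests newuser can and cannot make. The is_allowed helper and the sample object keys are constructed for illustration; Minio's own evaluator may differ in details.

```python
import json
import re

# The policy from /tmp/newuser.json in the guide above.
NEWUSER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": ["s3:GetObject"],
    "Effect": "Allow",
    "Resource": ["arn:aws:s3:::my-bucketname/*"],
    "Sid": ""
  }]
}""")


def _matches(pattern, value):
    """Wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def _as_list(item):
    """Policies may give Action/Resource as a string or a list of strings."""
    return item if isinstance(item, list) else [item]


def is_allowed(policy, action, resource):
    """Simplified model: default deny, explicit Deny beats any Allow."""
    allowed = False
    for stmt in policy.get("Statement", []):
        hit = (any(_matches(a, action) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    bucket = "arn:aws:s3:::my-bucketname"
    # Constructed sample requests (action, resource) for illustration.
    for action, resource in [
        ("s3:GetObject", bucket + "/reports/q3.csv"),   # download: granted
        ("s3:PutObject", bucket + "/reports/q3.csv"),   # upload: not granted
        ("s3:ListBucket", bucket),                      # bucket ARN has no "/..."
        ("s3:GetObject", "arn:aws:s3:::other-bucket/x"),
    ]:
        print(action, resource, "->", is_allowed(NEWUSER_POLICY, action, resource))
```

The third request shows that `my-bucketname/*` covers object keys only, so the policy as written lets newuser download objects whose names are already known but does not grant listing the bucket.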

3. Revoke user

Temporarily revoke access for newuser.

```
mc admin users revoke myminio newuser
```

4. Remove user

Remove the user newuser.

```
mc admin users remove myminio newuser
```