minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-08-09 13:02:53 +03:00
Code Activity
Files
DOCS-860-part2a
docs/source/reference/minio-mc-admin/mc-admin-policy-detach.rst
Daryl White 840417a6f7 Doc updates for mc RELEASE.2023-03-20T17-17-53Z (#799) 
- Adds note that `mc support proxy set|remove` no longer require
registration
- Adds info about stale ARNs for `mc replicate status` command
- Additional information for --dry-run flag in `mc rm`
- Thoroughly updates and restructures `mc admin policy` commands
- Adds new `mc batch cancel` command
- Updates deprecated commands for newly deprecated mc admin policy
functions
- Fixes toctree on mc admin page to allow for mc admin policy subcommand
nesting

Closes #766

Other fixes not part of the release:
- Updates `--fake` flag on `mc rm` to `--dry-run`
- Updates `--fake` flag on `mc mirror` to `--dry-run`
2023-04-05 10:50:40 -05:00

3.3 KiB
Raw Permalink Blame History

mc admin policy detach

minio

Table of Contents

mc admin policy detach

Syntax

Remove one or more IAM policies from a user or group identity.

Exactly one ~mc admin policy detach --user or one ~mc admin policy detach --group is required.

EXAMPLE

The following command detaches the policy readonly from the user james on the deployment at alias myminio.

mc admin policy detach myminio readonly --user james

SYNTAX

The command has the following syntax:

mc admin policy detach TARGET                         \
                       POLICY                         \
                       [POLICY...]                    \
                       [--user USER | --group GROUP]

Parameters

The mc admin policy detach command accepts the following arguments:

TARGET

The alias <mc alias> of a configured MinIO deployment with the user or group for which you want to detach one or more policies.

POLICY

The name of the policy to detach from either the user or the group. You may detach multiple policies at once by separating each policy name with a space.

MinIO deployments include the following built-in policies <minio-policy-built-in> by default:

  • readonly
  • readwrite
  • diagnostics
  • writeonly
--user

The username of the identity you want to detach the policy or policies from. You may only list one user.

You must include either the --user flag or the --group flag. You may not use the --user flag at the same time as the --group flag.

--group

The name of the group identity you want to detach the policy or policies from. You may only list one group.

All users with membership in the group lose access to any permissions granted by the policies associated to the group, unless those are granted by other policies or groups the users belong to.

You must include either the --group flag or the --user flag. You may not use the --group flag at the same time as the --user flag.

Global Flags

Examples

Detach the policy readonly from the user james on the deployment at alias myminio.

mc admin policy detach myminio readonly --user james

Detach the audit-policy and acct-policy policies from group legal on the deployment at alias myminio.

mc admin policy detach myminio audit-policy acct-policy --group legal