mirror of
https://github.com/minio/docs.git
synced 2025-07-30 07:03:26 +03:00
afc7a03071
Docs updates for two items from [MinIO RELEASE.2023-05-18T00-05-36Z](https://github.com/minio/docs/issues/860): * Max policy size of 2KiB for service accounts I _think_ this change now means json policy documents have the same max size in all cases. The limit wasn't documented previously. This change adds max size info throughout, not only for service accounts. * Webhook usage metrics Staged: http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-add.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-edit.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-policy-create.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/administration/identity-access-management/policy-based-access-control.html#policy-document-structure Partly addresses https://github.com/minio/docs/issues/860 --------- Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
115 lines
2.8 KiB
ReStructuredText
115 lines
2.8 KiB
ReStructuredText
==========================
|
|
``mc admin policy create``
|
|
==========================
|
|
|
|
.. default-domain:: minio
|
|
|
|
.. contents:: Table of Contents
|
|
:local:
|
|
:depth: 2
|
|
|
|
.. mc:: mc admin policy create
|
|
|
|
Syntax
|
|
------
|
|
|
|
.. start-mc-admin-policy-create-desc
|
|
|
|
Creates a new policy on the target MinIO deployment.
|
|
|
|
.. end-mc-admin-policy-create-desc
|
|
|
|
MinIO deployments include the following :ref:`built-in policies <minio-policy-built-in>` by default:
|
|
|
|
- :userpolicy:`readonly`
|
|
- :userpolicy:`readwrite`
|
|
- :userpolicy:`diagnostics`
|
|
- :userpolicy:`writeonly`
|
|
|
|
.. tab-set::
|
|
|
|
.. tab-item:: EXAMPLE
|
|
|
|
|
|
Consider the following JSON policy document saved at a file called ``/tmp/listmybuckets.json``:
|
|
|
|
.. code-block:: javascript
|
|
:class: copyable
|
|
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"s3:ListAllMyBuckets"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:s3:::*"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
|
|
The following command creates a new policy called ``listmybuckets`` on the :term:`alias` ``myminio`` using the policy found at the file ``/tmp/listmybuckets.json``.
|
|
|
|
.. code-block:: shell
|
|
:class: copyable
|
|
|
|
mc admin policy create myminio listmybuckets /tmp/listmybuckets.json
|
|
|
|
.. tab-item:: SYNTAX
|
|
|
|
The command has the following syntax:
|
|
|
|
.. code-block:: shell
|
|
:class: copyable
|
|
|
|
mc admin policy create \
|
|
TARGET \
|
|
POLICYNAME \
|
|
POLICYPATH
|
|
|
|
|
|
.. include:: /includes/common-minio-mc.rst
|
|
:start-after: start-minio-syntax
|
|
:end-before: end-minio-syntax
|
|
|
|
|
|
Parameters
|
|
~~~~~~~~~~
|
|
|
|
The :mc-cmd:`mc admin policy create` command accepts the following arguments:
|
|
|
|
.. mc-cmd:: TARGET
|
|
|
|
The :mc-cmd:`alias <mc alias>` of a configured MinIO deployment on which to add the new policy.
|
|
|
|
.. mc-cmd:: POLICYNAME
|
|
|
|
The name of the policy to add.
|
|
|
|
Specifying the name of an existing policy overwrites that policy on the :mc-cmd:`~mc admin policy create TARGET` MinIO deployment.
|
|
|
|
.. mc-cmd:: POLICYPATH
|
|
|
|
The file path of the policy to add.
|
|
The file *must* be a JSON-formatted file with :iam-docs:`IAM-compatible syntax <reference_policies.html>` and no more than 2048 characters.
|
|
|
|
Global Flags
|
|
~~~~~~~~~~~~
|
|
|
|
.. include:: /includes/common-minio-mc.rst
|
|
:start-after: start-minio-mc-globals
|
|
:end-before: end-minio-mc-globals
|
|
|
|
Examples
|
|
--------
|
|
|
|
Create a new policy called ``writeonly`` from the JSON file at ``/tmp/writeonly.json`` on the deployment at the alias ``myminio``.
|
|
|
|
.. code-block:: shell
|
|
:class: copyable
|
|
|
|
mc admin policy create myminio writeonly /tmp/writeonly.json
|