minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00
Code Activity
Files
rename
docs/source/reference/minio-mc-admin/mc-admin-policy-detach.rst
Ravind Kumar 6a1697c9f5 DOCS-1022: Use 'mc idp ldap policy' for AD/LDAP policy assignments (#1026) 
---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
2023-10-05 16:59:43 -04:00

3.7 KiB
Raw Permalink Blame History

mc admin policy detach

minio

Table of Contents

mc admin policy detach

Syntax

Remove one or more IAM policies from either a MinIO-managed user or a group <minio-users>.

Exactly one ~mc admin policy detach --user or one ~mc admin policy detach --group is required.

EXAMPLE

The following command detaches the policy readonly from the user james on the deployment at alias myminio.

mc admin policy detach myminio readonly --user james

SYNTAX

The command has the following syntax:

mc admin policy detach TARGET                         \
                       POLICY                         \
                       [POLICY...]                    \
                       [--user USER | --group GROUP]

Important

This command is intended for managing policy associations for MinIO-managed <minio-users> users only.

For managing policies to OpenID-managed users, see minio-external-identity-management-openid.

For detaching policies from Active Directory/LDAP users or groups, use mc idp ldap policy detach.

Parameters

The mc admin policy detach command accepts the following arguments:

TARGET

The alias <mc alias> of a configured MinIO deployment with the user or group for which you want to detach one or more policies.

POLICY

The name of the policy to detach from either the user or the group. You may detach multiple policies at once by separating each policy name with a space.

MinIO deployments include the following built-in policies <minio-policy-built-in> by default:

  • readonly
  • readwrite
  • diagnostics
  • writeonly
--user

The username of the identity you want to detach the policy or policies from. You may only list one user.

You must include either the --user flag or the --group flag. You may not use the --user flag at the same time as the --group flag.

--group

The name of the group identity you want to detach the policy or policies from. You may only list one group.

All users with membership in the group lose access to any permissions granted by the policies associated to the group, unless those are granted by other policies or groups the users belong to.

You must include either the --group flag or the --user flag. You may not use the --group flag at the same time as the --user flag.

Global Flags

Examples

Detach the policy readonly from the user james on the deployment at alias myminio.

mc admin policy detach myminio readonly --user james

Detach the audit-policy and acct-policy policies from group legal on the deployment at alias myminio.

mc admin policy detach myminio audit-policy acct-policy --group legal