minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-04-27 18:36:56 +03:00
Code
docs/source/reference/minio-mc-admin/mc-admin-policy-create.rst
Andrea Longo afc7a03071
Docs 860 part1: max policy document size, webhook metrics (#882) 
Docs updates for two items from [MinIO
RELEASE.2023-05-18T00-05-36Z](https://github.com/minio/docs/issues/860):

* Max policy size of 2KiB for service accounts
I _think_ this change now means json policy documents have the same max
size in all cases. The limit wasn't documented previously. This change
adds max size info throughout, not only for service accounts.
* Webhook usage metrics

Staged:

http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-add.html

http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-edit.html

http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-policy-create.html

http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/administration/identity-access-management/policy-based-access-control.html#policy-document-structure


Partly addresses https://github.com/minio/docs/issues/860

---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
2023-06-14 15:32:03 -06:00

2.8 KiB
Raw Blame History

mc admin policy create

minio

Table of Contents

mc admin policy create

Syntax

Creates a new policy on the target MinIO deployment.

MinIO deployments include the following built-in policies <minio-policy-built-in> by default:

  • readonly
  • readwrite
  • diagnostics
  • writeonly

EXAMPLE

Consider the following JSON policy document saved at a file called /tmp/listmybuckets.json:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "s3:ListAllMyBuckets"
         ],
         "Resource": [
            "arn:aws:s3:::*"
         ]
      }
   ]
}

The following command creates a new policy called listmybuckets on the alias myminio using the policy found at the file /tmp/listmybuckets.json.

mc admin policy create myminio listmybuckets /tmp/listmybuckets.json

SYNTAX

The command has the following syntax:

mc admin policy create     \
                TARGET     \
                POLICYNAME \
                POLICYPATH

Parameters

The mc admin policy create command accepts the following arguments:

TARGET

The alias <mc alias> of a configured MinIO deployment on which to add the new policy.

POLICYNAME

The name of the policy to add.

Specifying the name of an existing policy overwrites that policy on the ~mc admin policy create TARGET MinIO deployment.

POLICYPATH

The file path of the policy to add. The file must be a JSON-formatted file with IAM-compatible syntax <reference_policies.html> and no more than 2048 characters.

Global Flags

Examples

Create a new policy called writeonly from the JSON file at /tmp/writeonly.json on the deployment at the alias myminio.

mc admin policy create myminio writeonly /tmp/writeonly.json