linux
Anton, 2020-04-27 10:07:15

How to create a minio policy so that the user can only see his own bucket?

In Minio I create 2 users and 2 buckets.
But these two users see both buckets.
How to create a minio policy so that the user can only see his own bucket?


2 answer(s)
azrocketa, 2020-04-27
@azrocketa

If I understand correctly, here is a similar case:


No it is not possible, we do something similar to what AWS does, user is not tied to buckets. Buckets exist for all users you just selectively give them access.

Try to solve the problem in a different way.
Run several copies of minio on different ports, one minio per isolated bucket, and set up an nginx proxy in front of all the minio servers.
If it is not possible to make different (sub) domains, try to spread them to different locations within the same domain.
This should work and isolate the buckets.
https://docs.minio.io/docs/setup-nginx-proxy-with-...

zend0, 2020-05-07
@zend0

Let's say we have our backet01 bucket.
Create a user
mc admin user add minio <user_name> <password>
Add a policy

mc admin policy add minio <policy_name> policy.json

We bind the policy to a user (or to a group if there is a group with several users)
mc admin policy set minio <policy_name> user=<user_name>

policy.json content
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::backet01"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::backet01/*"
            ]
        }
    ]
}

For a dive into these rights:
API_Operations.html
list_amazons3.html
aws-arns-and-namespaces.html
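
An added example, not part of the answer above or of MinIO's code: a Python sketch that builds the same two-statement policy for any bucket name and checks that no user's policy reaches another user's bucket. The evaluator is a simplification (default deny, explicit Deny wins, `*` and `?` wildcards, no Condition keys); the function names and the bucket names backet02 and backet010 are assumptions made for the illustration.

```python
import re

def bucket_policy(bucket):
    """The answer's two statements, parameterised on the bucket name."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            {"Effect": "Allow", "Action": ["s3:*"],
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
        ],
    }

def wildcard_match(pattern, value):
    # IAM-style wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def allows(policy, action, resource):
    """Simplified evaluation: default deny, explicit Deny wins, no Condition keys."""
    allowed = False
    for st in policy["Statement"]:
        if (any(wildcard_match(a, action) for a in st["Action"])
                and any(wildcard_match(r, resource) for r in st["Resource"])):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def cross_bucket_leaks(policies):
    """policies: {bucket: policy attached to that bucket's user}.
    Returns (own_bucket, other_bucket, action) for every access that crosses buckets."""
    probes = [("s3:ListBucket", "arn:aws:s3:::{b}"),
              ("s3:GetObject", "arn:aws:s3:::{b}/report.txt"),
              ("s3:PutObject", "arn:aws:s3:::{b}/report.txt")]
    return [(own, other, action)
            for own, policy in policies.items()
            for other in policies if other != own
            for action, arn in probes
            if allows(policy, action, arn.format(b=other))]

if __name__ == "__main__":
    # Constructed bucket names; backet010 checks that a shared name prefix does not leak.
    names = ["backet01", "backet02", "backet010"]
    print(cross_bucket_leaks({b: bucket_policy(b) for b in names}))
```

An empty list means each policy is confined to its own bucket; a policy whose Resource is `arn:aws:s3:::*` or `arn:aws:s3:::backet01*` shows up in the result.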
