`mc admin policy attach`

Syntax

Attaches one or more IAM policies to either a MinIO-managed user or a group.

Changed in version RELEASE.2023-05-27T05-56-19Z: To successfully attach a policy, the referenced user or group must exist.

Exactly one --user or one --group is required.

EXAMPLE

The following command attaches the readonly policy to the user james on the deployment at alias myminio.

mc admin policy attach myminio readonly --user james

SYNTAX

The command has the following syntax:

mc admin policy attach                       \
                TARGET                       \
                POLICY                       \
                [POLICY...]                  \
                [--user USER | --group GROUP]

Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.

Important

This command is intended for managing policy associations for MinIO-managed users only.

For attaching policies to OpenID-managed users, see OpenID Connect Access Management.

For attaching policies to Active Directory/LDAP users or groups, use mc idp ldap policy attach.

Parameters

The mc admin policy attach command accepts the following arguments:

TARGET: Required
The alias of a configured MinIO deployment with the user or group for which you want to attach one or more policies.

POLICY

Required

The name of the policy to attach to either the user or the group.

You may attach multiple policies at once by separating each policy name with a space.

MinIO deployments include the following built-in policies by default:

--user

Optional

The username of the identity you want to attach the policy or policies to. You may only list one user.

You must include either the --user flag or the --group flag. You may not use the --user flag at the same time as the --group flag.

--group

Optional

The name of the group identity you want to attach the policy or policies to. You may only list one group.

All users with membership in the group inherit the policies associated to the group.

You must include either the --group flag or the --user flag. You may not use the --group flag at the same time as the --user flag.

Global Flags

This command supports any of the global flags.

Examples

Attach the readonly policy to user james on the deployment at alias myminio.

mc admin policy attach myminio readonly --user james

Attach the audit-policy and acct-policy policies to group legal on the deployment at alias myminio.

mc admin policy attach myminio audit-policy acct-policy --group legal