Special Privilege Policies

Special privilege policies govern the following system level authorizations:

Policy Privilege Resource Descriptor

Can Manage Buckets (Read)

Allows users to read from all buckets

resource="/buckets" action="R"

Can Manage Buckets (Write)

Allows users to write to all buckets

resource="/buckets" action="W"

Can Manage Buckets (Delete)

Allows users to delete all buckets

resource="/buckets" action="D"

Can Manage Users (Read)

Allows users to view users

resource="/tenants" action="R"

Can Manage Users (Write)

Allows users to create and modify users

resource="/tenants" action="W"

Can Manage Users (Delete)

Allows users to delete users

resource="/tenants" action="D"

Can Manage Policies (Read)

Allows users to view policies

resource="/policies" action="R"

Can Manage Policies (Write)

Allows users to create and modify policies

resource="/policies" action="W"

Can Manage Policies (Delete)

Allows users to delete policies

resource="/policies" action="D"

Can Proxy Requests (Read)

Allows users to proxy read requests (GET)

resource="/proxy" action="R"

Can Proxy Requests (Write)

Allows users to proxy write requests (POST, PUT, PATCH)

resource="/proxy" action="W"

Can Proxy Requests (Delete)

Allows users to proxy delete requests (DELETE)

resource="/proxy" action="D"

View Swagger

Allows users to access the self-hosted Swagger UI

resource="/swagger" action="R"

View Actuator

Allows users to access the Spring Boot Actuator end-points

resource="/actuator" action="R"