author Chloé Vulquin <code@toast.bunkerlabs.net> 2026-01-14 22:16:43 +0100
committer Chloé Vulquin <code@toast.bunkerlabs.net> 2026-01-15 06:49:14 +0100
commit c5354e75d1205a82a93fd30868e1f5602161ade9 (patch)
tree d6ee1ff12100f35c5b2998fc5d1a80ff07656c3b /user
initial importminio
Diffstat (limited to '')
-rw-r--r-- user/README.md 19
-rw-r--r-- user/useronly.json 15
-rw-r--r-- user/userprefix.json 15
3 files changed, 49 insertions, 0 deletions
diff --git a/user/README.md b/user/README.md
new file mode 100644
index 0000000..bede75a
--- /dev/null
+++ b/user/README.md
@@ -0,0 +1,19 @@
+# User Policies
+User policies apply to users and determine the read/write access they will have.
+This is useful to avoid needing to configure each bucket separately.
+
+## Policies
+The following policies are available:
+
+* useronly.json: Grants the user access to the bucket of their name.
+ For example, the user `foo` will be granted access to the bucket `foo` only.
+* userprefix.json: Grants the user access to buckets prefixed by their name.
+ For example, the user `foo` will be granted access to the buckets
+ `foo` and `foobar` but not `barfoo`.
+
+## Using
+Apply these policies as so:
+
+1. Download the file.
+2. `mcli admin policy add MYMINIO NAME NAME.json`
+3. `mcli admin policy set MYMINIO NAME user=USER`
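Review bot: The intro line "determine the read/write access they will have" understates what these policies grant, since both JSON files in this patch allow `s3:*` on the matched buckets. The Policies section should say that the grant is full S3 control over the bucket and its objects, not only reads and writes. The Using section also leaves the placeholders MYMINIO, NAME and USER undefined; a one-line legend (server alias, policy name, target user) would make steps 2 and 3 unambiguous.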
diff --git a/user/useronly.json b/user/useronly.json
new file mode 100644
index 0000000..2300440
--- /dev/null
+++ b/user/useronly.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${aws:username}",
+ "arn:aws:s3:::${aws:username}/*"
+ ]
+ }
+ ]
+}
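Review bot: The `"s3:*"` entry under "Action" gives each user every S3 action on their own bucket, which includes bucket-level operations such as deleting the bucket and replacing its bucket policy, so a user could make their bucket publicly readable without an administrator's involvement. If the intent is the read/write access the README describes, list the needed actions explicitly (for example `s3:ListBucket` on the bucket ARN and `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject` on the `/*` ARN) and keep `s3:*` as a separate, clearly named policy for users who are meant to own their bucket outright.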
diff --git a/user/userprefix.json b/user/userprefix.json
new file mode 100644
index 0000000..609c108
--- /dev/null
+++ b/user/userprefix.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${aws:username}*",
+ "arn:aws:s3:::${aws:username}*/*"
+ ]
+ }
+ ]
+}
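Review bot: The resource pattern `arn:aws:s3:::${aws:username}*` has no delimiter between the username and the wildcard, so any user whose name is a prefix of another user's name gets `s3:*` on that other user's buckets. With the README's own example, user `foo` has full control of bucket `foobar`, which is also the personal bucket of a user named `foobar` under useronly.json. Consider keeping the exact-name ARN and adding a delimited prefix form such as `arn:aws:s3:::${aws:username}-*`, and document that usernames must then not contain the delimiter in a way that recreates the overlap. The same `s3:*` breadth concern as in useronly.json applies here across every matched bucket.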