Documentation

Group Management

Overview

A group is a collection of users. Each group can have one or more assigned policies that explicitly list the actions and resources to which group members are allowed or denied access.

For example, consider the following groups. Each group is assigned a built-in policy or supported policy action. Each group also has one or more assigned users. Each user’s total set of permissions consists of their explicitly assigned permission and the inherited permissions from each of their assigned groups. MinIO by default denies access to any resource or operation not explicitly allowed by a user’s assigned or inherited policies.

Group

Policy

Members

Operations

readwrite on finance bucket
readonly on audit bucket

john.doe, jane.doe

Auditing

readonly on audit bucket

jen.doe, joe.doe

Admin

admin:*

greg.doe, jen.doe

Groups provide a simplified method for managing shared permissions among users with common access patterns and workloads. Client’s cannot authenticate to a MinIO deployment using a group as an identity.

The mc admin group command supports the creation and management of groups on the MinIO deployment. See the command reference for examples of usage.