mc admin user svcacct
Table of Contents
Description
The mc admin user svcacct
command creates and manages Access Keys on a MinIO deployment.
Each access keys is linked to a user identity and inherits the policies attached to it’s parent user or those groups in which the parent user has membership. Each access key also supports an optional inline policy which further restricts access to a subset of actions and resources available to the parent user.
mc admin user svcacct
only supports creating access keys for MinIO-managed and Active Directory/LDAP-managed accounts.
To create access keys for OpenID Connect-managed users, log into the MinIO Console and generate the access keys through the UI.
Use mc admin
on MinIO Deployments Only
MinIO does not support using mc admin
commands with other
S3-compatible services, regardless of their claimed compatibility with MinIO
deployments.
The mc admin user svcacct
command has the following subcommands:
Subcommand |
Description |
---|---|
Adds a new access keys to an existing MinIO or AD/LDAP user |
|
Lists the existing access keys associated to a MinIO or AD/LDAP user. |
|
Removes a access keys from a MinIO or AD/LDAP user. |
|
Returns detailed information on a access keys. |
|
Modifies the secret key or inline policy associated with a access keys. |
|
Enables a access keys. |
|
Disables a access keys. |
Syntax
- mc admin user svcacct add
Adds a new access keys associated to the specified user.
The following command creates a new access keys associated to an existing MinIO user:
mc admin user svcacct add \ --access-key "myuserserviceaccount" \ --secret-key "myuserserviceaccountpassword" \ --policy "/path/to/policy.json" \ myminio myuser
The command has the following syntax:
mc [GLOBALFLAGS] admin user svcacct add \ [--access-key] \ [--secret-key] \ [--policy] \ [--commment] \ ALIAS \ USER
- ALIAS
- Required
The alias of the MinIO deployment.
- USER
- Required
The name of the user to which MinIO adds the new access keys.
For MinIO-managed users, specify the access key for the user.
For Active Directory/LDAP users, specify the Distinguished Name of the user.
For OpenID Connect users, use the MinIO Console to generate access keys.
- --access-key
- Optional
The access key to associate with the new access keys. Omit to direct MinIO to autogenerate the access key for the new access keys.
Access Key names must be unique across all users.
- --secret-key
- Optional
The secret key to associate with the new access keys. Omit to direct MinIO to autogenerate the secret key for the new access keys.
- --policy
- Optional
The path to a policy document to attach to the new access keys. The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user’s policies.
- mc admin user svcacct list, ls
Lists all access keys associated to the specified user.
The following command lists all access keys associated to an existing MinIO user:
mc admin user svcacct list myminio myuser
The command has the following syntax:
mc [GLOBALFLAGS] admin user svcacct list \ ALIAS \ USER
- ALIAS
- Required
The alias of the MinIO deployment.
- USER
- Required
The name of the user to which MinIO adds the new access keys.
For MinIO-managed users, specify the access key for the user.
For Active Directory/LDAP users, specify the Distinguished Name of the user.
For OpenID Connect users, use the MinIO Console to list access keys.
- mc admin user svcacct remove, rm
Removes a access keys associated to the specified user. Applications can no longer authenticate using that access keys after removal.
The following command removes the specified access keys:
mc admin user svcacct remove myminio myuserserviceaccount
The command has the following syntax:
mc [GLOBALFLAGS] admin user svcacct remove \ ALIAS \ SERVICEACCOUNT
- ALIAS
- Required
The alias of the MinIO deployment.
- mc admin user svcacct info
Returns a description of a access keys associated to the specified user. The description includes the parent user of the specified access keys, its status, and whether the access keys has an assigned inline policy.
The following command returns detailed information on the specified access keys:
mc admin user svcacct info --policy myminio myuserserviceaccount
The command has the following syntax:
mc [GLOBALFLAGS] admin user svcacct info \ [--policy] \ ALIAS \ SERVICEACCOUNT
- ALIAS
- Required
The alias of the MinIO deployment.
- mc admin user svcacct edit, set
Modifies the configuration of a access keys associated to the specified user.
The following command modifies the specified access keys:
mc admin user svcacct edit \ --secret-key "myuserserviceaccountnewsecretkey" \ --policy "/path/to/new/policy.json" \ myminio myuserserviceaccount
The command has the following syntax:
mc [GLOBALFLAGS] admin user svcacct edit \ [--secret-key] \ [--policy] \ ALIAS \ SERVICEACCOUNT
- ALIAS
- Required
The alias of the MinIO deployment.
- --secret-key
- Optional
The secret key to associate with the new access keys. Overwrites the previous secret key. Applications using the access keys must update to use the new credentials to continue performing operations.
- --policy
- Optional
The path to a policy document to attach to the new access keys. The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user’s policies.
The new policy overwrites any previously attached policy.
- mc admin user svcacct enable
Enables a access keys for the specified user. Applications can only authenticate using enabled access keys.
The following command enables the specified access keys:
mc admin user svcacct enable myminio myuserserviceaccount
The command has the following syntax:
mc [GLOBALFLAGS] admin user svcacct enable \ ALIAS \ SERVICEACCOUNT
- ALIAS
- Required
The alias of the MinIO deployment.
- mc admin user svcacct disable
Disables a access keys for the specified user. Applications can only authenticate using enabled access keys.
The following command disables the specified access keys:
mc admin user svcacct disable myminio myuserserviceaccount
The command has the following syntax:
mc [GLOBALFLAGS] admin user svcacct disable \ ALIAS \ SERVICEACCOUNT
- ALIAS
- Required
The alias of the MinIO deployment.
Global Flags
This command supports any of the global flags.