mc admin group
Description
The mc admin group command manages groups on an AIStor deployment.
A group is a collection of users. Each group can have one or more assigned policies that explicitly list the actions and resources to which group members are allowed or denied access. Groups provide a simplified method for managing shared permissions among users with common access patterns and workloads.
Groups and Policy-Based Access Control
AIStor uses Policy-Based Access Control (PBAC) to support authorization of users who have successfully authenticated to the deployment. Each policy includes rules that dictate the allowed or denied actions/resources on the deployment. You can assign one or more policies to a group. Users with membership in the group inherit the group’s assigned policies. A user’s total set of permissions includes their explicitly assigned policies and any policies inherited via group membership.
Newly created groups have no policies by default.
To configure a group’s assigned policies, use the mc admin policy attach command.
For more information on AIStor users and groups, see User Management and Group Management. For more information on AIStor policies, see MinIO Policy Based Access Control.
Syntax
mc admin group add
Adds an existing user to the group. The command creates the group if it does not exist. The command has the following syntax:
mc admin group add TARGET GROUPNAME MEMBERS
The command accepts the following arguments:
TARGET
The alias of a configured AIStor deployment on which the command adds users to the new or existing group.
GROUPNAME
The name of the group. The command creates the group if it does not already exist.
Use mc admin group ls to review the existing groups on a deployment.
A group name cannot contain the characters = (equal sign) or , (comma).
MEMBERS
The name of the user to add to the group.
The user must exist on the TARGET AIStor deployment. Use mc admin user ls to review the available users on the deployment.
mc admin group info
Returns details for the group on the target deployment, such as all users with membership in the group and the assigned policies. The command has the following syntax:
mc admin group info TARGET GROUPNAME
The command accepts the following arguments:
TARGET
The alias of a configured AIStor deployment from which to retrieve the group information.
GROUPNAME
The name of the group.
mc admin group ls, list
List all groups on the target AIStor deployment. The command has the following syntax:
mc admin group ls TARGET
The command accepts the following arguments:
TARGET
The alias of a configured AIStor deployment from which to retrieve groups.
mc admin group rm, remove
Removes a group on the target AIStor deployment.
Removing a group does not remove any users with membership in the group.
Use mc admin user rm to remove users from a group.
The command has the following syntax:
mc admin group rm TARGET GROUPNAME
The command accepts the following arguments:
TARGET
The alias of a configured AIStor deployment on which to remove the group.
GROUPNAME
The name of the group to remove.
mc admin group enable
Enables the group on the target AIStor deployment. Users can only inherit policies from an enabled group. Groups are enabled on creation by default. The command has the following syntax:
mc admin group enable TARGET GROUPNAME
The command accepts the following arguments:
TARGET
The alias of a configured AIStor deployment on which to enable the group.
GROUPNAME
The name of the group to enable.
mc admin group disable
Disables the group on the target AIStor deployment. Users cannot inherit policies from a disabled group. The command has the following syntax:
mc admin group disable TARGET GROUPNAME
The command accepts the following arguments:
TARGET
The alias of a configured AIStor deployment on which to disable the group.
GROUPNAME
The name of the group to disable.
Examples
Create a New Group
Use mc admin group add to create a new group on an S3-compatible host:
mc admin group add ALIAS GROUPNAME MEMBER [MEMBER...]
- Replace ALIAS with the alias of the S3-compatible host.
- Replace GROUPNAME with the name of the group to create.
- Replace MEMBER with at least one user on the S3 host. Specify multiple members as a list: MEMBER1 MEMBER2 MEMBER3
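The steps above, combined into one guarded workflow as an added example (not part of the AIStor documentation). It rejects group names containing = or , before calling mc, then attaches a policy because new groups have none by default. The alias, group, policy and user names are placeholders, the empty-name check is an extra assumption, and the --group flag of mc admin policy attach is not shown on this page.

```shell
#!/bin/sh
# Added example: create a group, attach a policy, then review the result.
# MC may be overridden (for example MC=echo) to dry-run without a deployment.
MC="${MC:-mc}"

# Return 0 if the name is acceptable. The documentation forbids '=' and ','
# in group names; rejecting an empty name is an extra check added here.
valid_group_name() {
    case "$1" in
        ''|*=*|*,*) return 1 ;;
        *) return 0 ;;
    esac
}

# create_group ALIAS GROUPNAME POLICY MEMBER [MEMBER...]
create_group() {
    if [ "$#" -lt 4 ]; then
        echo "usage: create_group ALIAS GROUPNAME POLICY MEMBER [MEMBER...]" >&2
        return 2
    fi
    alias_name=$1
    group=$2
    policy=$3
    shift 3

    if ! valid_group_name "$group"; then
        echo "invalid group name (must not contain '=' or ','): $group" >&2
        return 1
    fi

    # 'group add' creates the group if needed; every member must already exist.
    $MC admin group add "$alias_name" "$group" "$@" || return 1

    # New groups carry no policies, so members gain nothing until one is attached.
    $MC admin policy attach "$alias_name" "$policy" --group "$group" || return 1

    # Confirm membership and assigned policies match what was intended.
    $MC admin group info "$alias_name" "$group"
}
```

Call it as create_group myaistor analysts readonly alice bob, where every name is a placeholder for a value on your own deployment.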
List Available Groups
Use mc admin group ls to list all groups on an S3-compatible host:
mc admin group ls ALIAS
View Group Details
Use mc admin group info to view detailed group information on an S3-compatible host:
mc admin group info ALIAS GROUPNAME
- Replace ALIAS with the alias of the S3-compatible host.
- Replace GROUPNAME with the name of the group.
Remove a Group
Use mc admin group rm to remove a group from an S3-compatible host:
mc admin group rm ALIAS GROUPNAME
- Replace ALIAS with the alias of the S3-compatible host.
- Replace GROUPNAME with the name of the group.
Disable a Group
Use mc admin group disable to disable a group on an S3-compatible host:
mc admin group disable ALIAS GROUPNAME
- Replace ALIAS with the alias of the S3-compatible host.
- Replace GROUPNAME with the name of the group.
Enable a Group
Use mc admin group enable to enable a group on an S3-compatible host:
mc admin group enable ALIAS GROUPNAME