Product
MinIO Enterprise Object Store
Overview Architecture
Features
MinIO for Public Cloud
AWS GCS Azure
MinIO for Private Cloud
OpenShift SUSE Rancher Tanzu
MinIO for Baremetal
Linux and Windows
Determine your raw and usable capacity Erasure Code Calculator MinIO's Recommended Hardware Configuration Reference Hardware
Solutions
AI Storage Object storage is powering the AI revolution. Learn how MinIO is leading the AI storage market through performance at scale. Modern Datalakes Modern, multi-engine datalakes depend on object stores that deliver performance at scale. Learn more about this core MinIO use case. Hybrid Cloud Effective multi-cloud storage strategies rely on utilizing architecture and tools that can function seamlessly across diverse environments. Equinix Repatriate your data onto the cloud you control with MinIO on Equinix to lower costs while maintaining public cloud adjacency. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores. Snowflake Query and analyze multiple data sources, including streaming data, residing on MinIO with the Snowflake Data Cloud. No need to move the data, just query using SnowSQL. SQL Server Discover how to pair SQL Server 2022 with MinIO to run queries on your data on any cloud - without having to move it. HDFS Migration Modernize and simplify your big data storage infrastructure with high-performance, Kubernetes-native object storage from MinIO. VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKG and how we support their Kubernetes ambitions. Veeam Learn how MinIO and Veeam have partnered to drive performance and scalability for a variety of backup use cases. Commvault Learn how Commvault and MinIO are partnered to deliver performance at scale for mission critical backup and restore workloads. Integrations Browse our vast portfolio of integrations.
Community
GitHub Join our GitHub open source community: explore, experiment, ask questions, and contribute. Slack Channel The MinIO Community Slack provides an open forum for discussing topics related to MinIO. All support is provided on a best-effort basis.
Docs Blog Resources Training Partner Pricing Download

YouTube Summaries: Identity and Access Management

Burke Gibson Burke Gibson on YouTube Summaries
YouTube Summaries: Identity and Access Management

For our next educational YouTube course, MinIO’s Will Dinyes is covering identity and access management. This six-part series goes quick, but is packed with a massive amount of information. By the end, you should be able to set up users and groups within MinIO, assign them policies that determine their levels of access, create custom policies and rulesets, and interface with external systems like OpenID and LDAP.

First, Will provides an overview of built in policies that exist within MinIO and how to add or modify your own. MinIO comes already equipped with standard identity and access policies, identity provider (IDP), but allows you to modify these policies and use LDAP and OpenID if required by your organization.

MinIO’s default for authorized users is to deny access unless otherwise specified. These default policies are compatible with AWS policies for ease of migration, and include consoleAdmin (full access), readonly (can get specific objects, no listing permissions), readwrite (can read and write all objects and buckets), writeonly (can put objects into existing buckets, cannot create buckets), and diagnostics (for subnet access). In this first video, Will provides a demo on a new sample MinIO instance to show how to manage and edit these policies.

The next video is about using IDP to manage users and groups, either using MinIO’s built in IDP or your own.  Users consist of a unique access key and secret key—basically a username and password—that can have any number of policies assigned. Users can be grouped based on sets of policies to allow for easy management within your organization. It’s important to note that when a MinIO server is set up, a root user and password are created by MinIO that defaults to minioadmin/minioadmin that is not managed by the MinIO IDP—for security reasons, it is paramount that you change this using environment variables or a config file before deploying publicly.

Third is interfacing with OpenID and LDAP to manage groups and users externally to MinIO. Though we recommend using the MinIO IDP if you are just getting started, in a commercial application there are many reasons you may want to move away from it—MinIO’s IDP has no single sign-on, it isn’t centralized, and it must be managed through MinIO.

When using OpenID, the policy definitions will remain on MinIO, but you can add a flag to tell OpenID to tell MinIO which policies should be attached. With LDAP, it works in the other direction—you tell MinIO which policies to attach to which users and groups coming from LDAP. When using either of these, the MinIO IDP is deactivated, but the root user mentioned in the previous video is still available. As the process gets a bit more complicated than can be described in a quick blog, we recommend following along with the second half of the video where Will runs through connecting to OIDC and LDAP.

After covering the high-level concepts in the first three videos, Will has three hands-on lab sessions you can follow where he shows how to do just about every action possible related to identity and access management—on on setting up users, groups and policies, another on creating custom policies within MinIO, and finally a demonstration on how to interface with OpenID and LDAP. We highly recommend following along with these as you set up your own MinIO instance (especially if it is a first) to ensure you do not miss anything.

Properly managing users, groups, and policies in your MinIO instance from the beginning is critical to not only ensure your data is secure, but to maximize your object store’s functionality and your team’s productivity. We hope this series helps—as always, please reach out to us with any questions, and keep a lookout for future courses on our channel.


For more detailed information about installing, running, and using MinIO in any environment, please refer to our documentation here. To learn more about MinIO or get involved in our community, please visit us at min.io or join our public slack channel. If you want to see the other summaries, you can use the YouTube Summaries tag.

Previous Post Next Post
S3 Select Security Modern Data Lakes Apache Presto SQL Performance S3 Brand/Design Golang Programming Cloud Computing Microservices Docker AWS Kubernetes Apache Spark Open Source Benchmarks Integrations SUBNET Edge Computing Sidekick Secure-by-Design Splunk Veeam Intel Apache Nifi Immutability Software Defined Storage VMware Apache Arrow Hybrid Cloud Red Hat OpenShift Multicloud Scalability Cloud Field Day Cloud Native Apache Kafka Architect's Guide Awards Operator's Guide Security Advisory AI/ML AGPLv3 Apache Hadoop SFD Azure GCP Observability Analytics R H20 DirectPV DevOps Apache Iceberg Apache Hudi YouTube Summaries EKS Elastic Load Balancers CI/CD Object Storage Compliance opentelemetry BC/DR Storage Newsletter Predictions Best Practices Dremio New MinIO Features partners Small Files Databases DuckDB PostgreSQL Delta Lake Cloud Repatriation Python Object Lambdas Data Pipelines Cloud Operating Model Webhook ClickHouse Vector Database Events Value Engineering Change Data Capture Enterprise Object Store GitOps Case Study Equinix