# Create/Assign Access Policy

For a User to access a Bucket, you'll need to create an Access Policy that defines its Permissions.

These are defined in `json`.

#### Example Definition File

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<bucket-name>"
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<bucket-name>/*"
    }
  ]
}
```

##### What this File does:

```json
{
  "Action": [
    "s3:GetBucketLocation",
    "s3:ListBucket"
  ],
  "Effect": "Allow",
  "Resource": "arn:aws:s3:::<bucket-name>"
}
```

- Allows Listing and Location Info for Bucket `arn:aws:s3:::<bucket-name>`

```json
{
  "Action": [
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject"
  ],
  "Effect": "Allow",
  "Resource": "arn:aws:s3:::<bucket-name>/*"
}
```

- Allows Get (Read), Put (Upload) and Delete Permissions on all Objects in the Bucket: the `/*` in `arn:aws:s3:::<bucket-name>/*` matches every Object key, including those in Subdirectories
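Before creating the policy, it is worth checking that an edited copy of the file still keeps the split described above: bucket-level actions on the bucket ARN, object-level actions on the `/*` ARN, and no wildcards. The following check is an added example, not part of the original page or of MinIO; `lint_policy` and the bucket name `reports` are assumptions made for illustration.

```python
import json

# Classification of the five actions used in the policy on this page.
BUCKET_ACTIONS = {"s3:GetBucketLocation", "s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
ARN_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """Policy fields may hold one item or a list of items."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy_text, bucket):
    """Return findings where the policy is broader than the page's layout."""
    findings = []
    bucket_arn = ARN_PREFIX + bucket
    statements = as_list(json.loads(policy_text).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant access
        resources = as_list(stmt.get("Resource", []))
        for res in resources:
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {i}: {res} is outside bucket {bucket}")
        has_bucket_arn = bucket_arn in resources
        has_object_arn = any(r.startswith(bucket_arn + "/") for r in resources)
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action in BUCKET_ACTIONS and not has_bucket_arn:
                findings.append(f"statement {i}: {action} is not paired with the bucket ARN")
            elif action in OBJECT_ACTIONS and not has_object_arn:
                findings.append(f"statement {i}: {action} is not paired with an object ARN")
            elif action not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append(f"statement {i}: {action} is not in the page's policy")
    return findings

# Constructed sample: the page's policy with <bucket-name> set to "reports".
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
     "Effect": "Allow", "Resource": "arn:aws:s3:::reports"},
    {"Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Effect": "Allow", "Resource": "arn:aws:s3:::reports/*"}]})

if __name__ == "__main__":
    print(lint_policy(SAMPLE, "reports") or "policy matches the page's layout")
```

An empty result means the file grants only what the two statements above describe for that one bucket.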

#### Creating a Policy

```
mc admin policy create <name> <policy-name> <path-to-policy-json-file>
```

#### Applying a Policy

```
mc admin policy attach <name> <policy-name> user=<username>
```