Policies in Wasabi Hot Cloud Storage

  • Updated on Apr 7, 2025
  • Published on Jul 22, 2022
  • 1 minute(s) read
Prev Next

What is a Policy?

Each user and group can be associated with one or more policies to define the actions that a user or group member can perform and the conditions under which those actions can take place. You can attach a policy to a user, group, and/or role.

You can create up to 1000 policies per account. 

You can attach a policy to a bucket. This is described in Bucket Policy.

Wasabi provides predefined policies that you can attach to a user, group, and/or role. These policies are:

  • AdministratorAccess—Gives full access to all resources (IAM and S3) with no limitation whatsoever.
  • AmazonS3Full Access—Gives full access to all S3 resources, but no IAM access.
  • AmazonS3ReadOnlyAccess—Gives just the Get and List permissions on any S3 resource/bucket, but no IAM access.
  • IAMUserChangePassword—Gives the user permission to change his/her password upon initial sign in.
  • ManageWCSM Replication—Gives the user permission to manage Wasabi Cloud Sync Manager (WCSM) replication features. 
  • WasabiAccountStatsAccess—Gives root users full access to the account stats endpoints and to the bucket stats endpoints for all buckets.
  • WasabiBucketStatsAccess—Gives sub-users limited access to the bucket utilization endpoints.
  • WasabiAdministratorAccess—Gives full access to all resources (IAM  and S3) with no limitation whatsoever. This is similar to AdministratorAccess, above.
  • WasabiFullAccess—Gives full permissions to all S3 resources and sign in permissions to users.
  • WasabiManageEventNotifications—Gives the user permission to manage event notifications. 
  • WasabiModifyBillingAccess—Gives the user permission to modify the billing access portal.
  • WasabiReadOnlyAccess—Gives just the Get and List permissions to all S3 resources and login permissions to users.
  • WasabiViewAuditLogs—Gives the user permission to view and download the audit logs.
  • WasabiViewBillingAccess—Gives the user permission to view the billing access portal.
  • WasabiViewEventNotifications—Gives the user permission to view event notifications.
  • WasabiWriteOnlyAccess—Gives just the Put and MultipartAbort permissions to all S3 resources, but no IAM access. The user cannot sign in with just this policy attached.