Access Rules for bucket (#941)

* access rules * separate DELETE API call Co-authored-by: Adam Stafford <adamstafford@Adams-MacBook-Pro.local>
2021-08-16 19:41:35 -07:00
parent dfe7e5aa58
commit 4e8763995e
30 changed files with 3021 additions and 0 deletions
--- a/models/access_rule.go
+++ b/models/access_rule.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AccessRule access rule
+//
+// swagger:model accessRule
+type AccessRule struct {
+
+	// access
+	Access string `json:"access,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+}
+
+// Validate validates this access rule
+func (m *AccessRule) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this access rule based on context it is used
+func (m *AccessRule) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AccessRule) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AccessRule) UnmarshalBinary(b []byte) error {
+	var res AccessRule
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/list_access_rules_response.go
+++ b/models/list_access_rules_response.go
@@ -0,0 +1,132 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ListAccessRulesResponse list access rules response
+//
+// swagger:model listAccessRulesResponse
+type ListAccessRulesResponse struct {
+
+	// list of policies
+	AccessRules []*AccessRule `json:"accessRules"`
+
+	// total number of policies
+	Total int64 `json:"total,omitempty"`
+}
+
+// Validate validates this list access rules response
+func (m *ListAccessRulesResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccessRules(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ListAccessRulesResponse) validateAccessRules(formats strfmt.Registry) error {
+	if swag.IsZero(m.AccessRules) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.AccessRules); i++ {
+		if swag.IsZero(m.AccessRules[i]) { // not required
+			continue
+		}
+
+		if m.AccessRules[i] != nil {
+			if err := m.AccessRules[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("accessRules" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this list access rules response based on the context it is used
+func (m *ListAccessRulesResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAccessRules(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ListAccessRulesResponse) contextValidateAccessRules(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.AccessRules); i++ {
+
+		if m.AccessRules[i] != nil {
+			if err := m.AccessRules[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("accessRules" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ListAccessRulesResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ListAccessRulesResponse) UnmarshalBinary(b []byte) error {
+	var res ListAccessRulesResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/prefix_access_pair.go
+++ b/models/prefix_access_pair.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PrefixAccessPair prefix access pair
+//
+// swagger:model prefixAccessPair
+type PrefixAccessPair struct {
+
+	// access
+	Access string `json:"access,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+}
+
+// Validate validates this prefix access pair
+func (m *PrefixAccessPair) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this prefix access pair based on context it is used
+func (m *PrefixAccessPair) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PrefixAccessPair) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PrefixAccessPair) UnmarshalBinary(b []byte) error {
+	var res PrefixAccessPair
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/portal-ui/build/static/css/2.60e04a19.chunk.css
+++ b/portal-ui/build/static/css/2.60e04a19.chunk.css
--- a/portal-ui/build/static/css/2.60e04a19.chunk.css.map
+++ b/portal-ui/build/static/css/2.60e04a19.chunk.css.map
--- a/portal-ui/build/static/js/2.83e7347e.chunk.js
+++ b/portal-ui/build/static/js/2.83e7347e.chunk.js
--- a/portal-ui/build/static/js/2.83e7347e.chunk.js.LICENSE.txt
+++ b/portal-ui/build/static/js/2.83e7347e.chunk.js.LICENSE.txt
@@ -0,0 +1,280 @@
+/*
+object-assign
+(c) Sindre Sorhus
+@license MIT
+*/
+
+/*!
+  Copyright (c) 2018 Jed Watson.
+  Licensed under the MIT License (MIT), see
+  http://jedwatson.github.io/classnames
+*/
+
+/*!
+ * Chart.js v2.9.4
+ * https://www.chartjs.org
+ * (c) 2020 Chart.js Contributors
+ * Released under the MIT License
+ */
+
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+/*! Conditions:: INITIAL */
+
+/*! Moment Duration Format v2.2.2
+     *  https://github.com/jsmreese/moment-duration-format
+     *  Date: 2018-02-16
+     *
+     *  Duration format plugin function for the Moment.js library
+     *  http://momentjs.com/
+     *
+     *  Copyright 2018 John Madhavan-Reese
+     *  Released under the MIT license
+     */
+
+/*! Production::    $accept : expression $end */
+
+/*! Production::    css_value : ANGLE */
+
+/*! Production::    css_value : CHS */
+
+/*! Production::    css_value : EMS */
+
+/*! Production::    css_value : EXS */
+
+/*! Production::    css_value : FREQ */
+
+/*! Production::    css_value : LENGTH */
+
+/*! Production::    css_value : PERCENTAGE */
+
+/*! Production::    css_value : REMS */
+
+/*! Production::    css_value : RES */
+
+/*! Production::    css_value : SUB css_value */
+
+/*! Production::    css_value : TIME */
+
+/*! Production::    css_value : VHS */
+
+/*! Production::    css_value : VMAXS */
+
+/*! Production::    css_value : VMINS */
+
+/*! Production::    css_value : VWS */
+
+/*! Production::    css_variable : CSS_VAR LPAREN CSS_CPROP COMMA math_expression RPAREN */
+
+/*! Production::    css_variable : CSS_VAR LPAREN CSS_CPROP RPAREN */
+
+/*! Production::    expression : math_expression EOF */
+
+/*! Production::    math_expression : LPAREN math_expression RPAREN */
+
+/*! Production::    math_expression : NESTED_CALC LPAREN math_expression RPAREN */
+
+/*! Production::    math_expression : SUB PREFIX SUB NESTED_CALC LPAREN math_expression RPAREN */
+
+/*! Production::    math_expression : css_value */
+
+/*! Production::    math_expression : css_variable */
+
+/*! Production::    math_expression : math_expression ADD math_expression */
+
+/*! Production::    math_expression : math_expression DIV math_expression */
+
+/*! Production::    math_expression : math_expression MUL math_expression */
+
+/*! Production::    math_expression : math_expression SUB math_expression */
+
+/*! Production::    math_expression : value */
+
+/*! Production::    value : NUMBER */
+
+/*! Production::    value : SUB NUMBER */
+
+/*! Rule::       $ */
+
+/*! Rule::       (--[0-9a-z-A-Z-]*) */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)% */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)Hz\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)ch\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)cm\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)deg\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)dpcm\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)dpi\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)dppx\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)em\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)ex\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)grad\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)in\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)kHz\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)mm\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)ms\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)pc\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)pt\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)px\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)rad\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)rem\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)s\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)turn\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)vh\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)vmax\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)vmin\b */
+
+/*! Rule::       ([0-9]+(\.[0-9]*)?|\.[0-9]+)vw\b */
+
+/*! Rule::       ([a-z]+) */
+
+/*! Rule::       (calc) */
+
+/*! Rule::       (var) */
+
+/*! Rule::       , */
+
+/*! Rule::       - */
+
+/*! Rule::       \( */
+
+/*! Rule::       \) */
+
+/*! Rule::       \* */
+
+/*! Rule::       \+ */
+
+/*! Rule::       \/ */
+
+/*! Rule::       \s+ */
+
+/*! decimal.js-light v2.5.1 https://github.com/MikeMcl/decimal.js-light/LICENCE */
+
+/**
+ * A better abstraction over CSS.
+ *
+ * @copyright Oleg Isonen (Slobodskoi) / Isonen 2014-present
+ * @website https://github.com/cssinjs/jss
+ * @license MIT
+ */
+
+/** @license React v0.20.2
+ * scheduler.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/** @license React v16.10.2
+ * react-is.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/** @license React v16.13.1
+ * react-is.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/** @license React v17.0.1
+ * react-dom.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/** @license React v17.0.2
+ * react-is.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/** @license React v17.0.2
+ * react-jsx-runtime.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/** @license React v17.0.2
+ * react.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/**!
+ * @fileOverview Kickass library to create and place poppers near their reference elements.
+ * @version 1.16.1-lts
+ * @license
+ * Copyright (c) 2016 Federico Zivolo and contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+//! moment.js
--- a/portal-ui/build/static/js/2.83e7347e.chunk.js.map
+++ b/portal-ui/build/static/js/2.83e7347e.chunk.js.map
--- a/portal-ui/build/static/js/main.b28ddf54.chunk.js
+++ b/portal-ui/build/static/js/main.b28ddf54.chunk.js
--- a/portal-ui/build/static/js/main.b28ddf54.chunk.js.map
+++ b/portal-ui/build/static/js/main.b28ddf54.chunk.js.map
--- a/portal-ui/src/screens/Console/Buckets/BucketDetails/AccessRulePanel.tsx
+++ b/portal-ui/src/screens/Console/Buckets/BucketDetails/AccessRulePanel.tsx
@@ -0,0 +1,229 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import React, { useEffect, useState, Fragment } from "react";
+import { connect } from "react-redux";
+import { createStyles, Theme, withStyles } from "@material-ui/core/styles";
+import { Button, Paper } from "@material-ui/core";
+import { AppState } from "../../../../store";
+import { setErrorSnackMessage } from "../../../../actions";
+import { ISessionResponse } from "../../types";
+import { ErrorResponseHandler } from "../../../../common/types";
+import TableWrapper from "../../Common/TableWrapper/TableWrapper";
+import api from "../../../../common/api";
+import AddAccessRuleModal from "./AddAccessRule";
+import DeleteAccessRuleModal from "./DeleteAccessRule";
+import { CreateIcon } from "../../../../icons";
+import Grid from "@material-ui/core/Grid";
+import {
+  actionsTray,
+  containerForHeader,
+  objectBrowserCommon,
+  searchField,
+} from "../../Common/FormComponents/common/styleLibrary";
+
+const styles = (theme: Theme) =>
+  createStyles({
+    seeMore: {
+      marginTop: theme.spacing(3),
+    },
+    paper: {
+      display: "flex",
+      overflow: "auto",
+      flexDirection: "column",
+    },
+
+    addSideBar: {
+      width: "320px",
+      padding: "20px",
+    },
+    tableToolbar: {
+      paddingLeft: theme.spacing(2),
+      paddingRight: theme.spacing(0),
+    },
+    minTableHeader: {
+      color: "#393939",
+      "& tr": {
+        "& th": {
+          fontWeight: "bold",
+        },
+      },
+    },
+    fileName: {
+      display: "flex",
+      alignItems: "center",
+    },
+    fileNameText: {
+      whiteSpace: "nowrap",
+      overflow: "hidden",
+      textOverflow: "ellipsis",
+    },
+    buttonsContainer: {
+      "& .MuiButtonBase-root": {
+        marginLeft: 10,
+      },
+    },
+    browsePaper: {
+      height: "calc(100vh - 280px)",
+    },
+    "@global": {
+      ".rowLine:hover  .iconFileElm": {
+        backgroundImage: "url(/images/ob_file_filled.svg)",
+      },
+      ".rowLine:hover  .iconFolderElm": {
+        backgroundImage: "url(/images/ob_folder_filled.svg)",
+      },
+    },
+    listButton: {
+      marginLeft: "10px",
+      align: "right",
+    },
+    badgeOverlap: {
+      "& .MuiBadge-badge": {
+        top: 35,
+        right: 10,
+      },
+    },
+    ...actionsTray,
+    ...searchField,
+    ...objectBrowserCommon,
+    ...containerForHeader(theme.spacing(4)),
+  });
+
+const mapState = (state: AppState) => ({
+  session: state.console.session,
+  loadingBucket: state.buckets.bucketDetails.loadingBucket,
+});
+
+const connector = connect(mapState, { setErrorSnackMessage });
+
+interface IAccessRuleProps {
+  session: ISessionResponse;
+  setErrorSnackMessage: typeof setErrorSnackMessage;
+  classes: any;
+  match: any;
+  loadingBucket: boolean;
+}
+
+const AccessRule = ({
+  classes,
+  match,
+  setErrorSnackMessage,
+  loadingBucket,
+}: IAccessRuleProps) => {
+  const [loadingAccessRules, setLoadingAccessRules] = useState<boolean>(true);
+  const [accessRules, setAccessRules] = useState([]);
+  const [addAccessRuleOpen, setAddAccessRuleOpen] = useState<boolean>(false);
+  const [deleteAccessRuleOpen, setDeleteAccessRuleOpen] = useState<boolean>(false);
+  const [accessRuleToDelete, setAccessRuleToDelete] = useState<string>("");
+
+  const bucketName = match.params["bucketName"];
+
+  useEffect(() => {
+    if (loadingBucket) {
+      setLoadingAccessRules(true);
+    }
+  }, [loadingBucket, setLoadingAccessRules]);
+
+  const AccessRuleActions = [
+    {
+      type: "delete",
+      onClick: (accessRule: any) => {
+        setDeleteAccessRuleOpen(true);
+        setAccessRuleToDelete(accessRule.prefix);
+      },
+    },
+  ];
+
+  useEffect(() => {
+    if (loadingAccessRules) {
+      api
+        .invoke("GET", `/api/v1/bucket/${bucketName}/access-rules`)
+        .then((res: any) => {
+          setAccessRules(res.accessRules);
+          setLoadingAccessRules(false);
+        })
+        .catch((err: ErrorResponseHandler) => {
+          setErrorSnackMessage(err);
+          setLoadingAccessRules(false);
+        });
+    }
+  }, [loadingAccessRules, setErrorSnackMessage, bucketName]);
+
+  const closeAddAccessRuleModal = () => {
+    setAddAccessRuleOpen(false);
+    setLoadingAccessRules(true);
+  };
+
+  const closeDeleteAccessRuleModal = () => {
+    setDeleteAccessRuleOpen(false);
+    setLoadingAccessRules(true);
+  };
+
+  return (
+    <Fragment>
+      {addAccessRuleOpen && (
+        <AddAccessRuleModal
+          modalOpen={addAccessRuleOpen}
+          onClose={closeAddAccessRuleModal}
+          bucket={bucketName}
+        />
+      )}
+      {deleteAccessRuleOpen && (
+        <DeleteAccessRuleModal
+          modalOpen={deleteAccessRuleOpen}
+          onClose={closeDeleteAccessRuleModal}
+          bucket={bucketName}
+          toDelete={accessRuleToDelete}
+        />
+      )}
+      <Grid item xs={12} className={classes.actionsTray}>
+        <h1 className={classes.sectionTitle}>Access Rules</h1>
+        <Button
+          variant="contained"
+          color="primary"
+          startIcon={<CreateIcon />}
+          component="label"
+          onClick={() => {
+            setAddAccessRuleOpen(true);
+          }}
+          className={classes.listButton}
+        >
+          Add Access Rule
+        </Button>
+      </Grid>
+      <Grid item xs={12}>
+        <br />
+      </Grid>
+      <Paper>
+        <TableWrapper
+          noBackground={true}
+          itemActions={AccessRuleActions}
+          columns={[
+            { label: "Prefix", elementKey: "prefix" },
+            { label: "Access", elementKey: "access" },
+          ]}
+          isLoading={loadingAccessRules}
+          records={accessRules}
+          entityName="Access Rules"
+          idField="prefix"
+        />
+      </Paper>
+    </Fragment>
+  );
+};
+
+export default withStyles(styles)(connector(AccessRule));
--- a/portal-ui/src/screens/Console/Buckets/BucketDetails/AddAccessRule.tsx
+++ b/portal-ui/src/screens/Console/Buckets/BucketDetails/AddAccessRule.tsx
@@ -0,0 +1,146 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import React, {useState} from "react";
+import ModalWrapper from "../../Common/ModalWrapper/ModalWrapper";
+import { Button, Grid } from "@material-ui/core";
+import InputBoxWrapper from "../../Common/FormComponents/InputBoxWrapper/InputBoxWrapper";
+import { createStyles, Theme, withStyles } from "@material-ui/core/styles";
+import { modalBasic } from "../../Common/FormComponents/common/styleLibrary";
+import { connect } from "react-redux";
+import api from "../../../../common/api";
+import { ErrorResponseHandler } from "../../../../common/types";
+import { setErrorSnackMessage } from "../../../../actions";
+import { AppState } from "../../../../store";
+import SelectWrapper from "../../Common/FormComponents/SelectWrapper/SelectWrapper";
+
+const mapState = (state: AppState) => ({
+  session: state.console.session,
+});
+
+const connector = connect(mapState, { setErrorSnackMessage });
+
+interface IAddAccessRule {
+  classes: any;
+  modalOpen: boolean;
+  onClose: () => any;
+  bucket: string;
+}
+
+const styles = (theme: Theme) =>
+  createStyles({
+    buttonContainer: {
+      textAlign: "right",
+    },
+    pathLabel: {
+      marginTop: 0,
+      marginBottom: 32,
+    },
+    ...modalBasic,
+  });
+
+const AddAccessRule = ({
+  modalOpen,
+  onClose,
+  classes,
+  bucket,
+}: IAddAccessRule) => {
+  const [prefix, setPrefix] = useState("");
+  const [selectedAccess, setSelectedAccess] = useState<any>("readonly");
+
+  const accessOptions = [
+    { label: "readonly", value: "readonly" },
+    { label: "writeonly", value: "writeonly" },
+    { label: "readwrite", value: "readwrite" },
+  ];
+
+  const resetForm = () => {
+    setPrefix("");
+    setSelectedAccess("none");
+  };
+
+  const createProcess = () => {
+    api
+      .invoke("PUT", `/api/v1/bucket/${bucket}/access-rules`, {
+        prefix: prefix,
+        access: selectedAccess,
+      })
+      .then((res: any) => {
+        onClose();
+      })
+      .catch((err: ErrorResponseHandler) => {
+        setErrorSnackMessage(err);
+        onClose();
+      });
+  };
+
+  return (
+    <React.Fragment>
+      <ModalWrapper
+        modalOpen={modalOpen}
+        title="Add Access Rule"
+        onClose={onClose}
+      >
+        <Grid container>
+          <Grid item xs={12}>
+            <InputBoxWrapper
+              value={prefix}
+              label={"Prefix"}
+              id={"prefix"}
+              name={"prefix"}
+              placeholder={"Enter Prefix"}
+              onChange={(e) => {
+                setPrefix(e.target.value);
+              }}
+            />
+            <SelectWrapper
+              id="access"
+              name="Access"
+              onChange={(e) => {
+                setSelectedAccess(e.target.value);
+              }}
+              label="Access"
+              value={selectedAccess}
+              options={accessOptions}
+              disabled={false}
+            />
+          </Grid>
+          <Grid item xs={12} className={classes.buttonContainer}>
+            <button
+              type="button"
+              color="primary"
+              className={classes.clearButton}
+              onClick={resetForm}
+            >
+              Clear
+            </button>
+            <Button
+              type="submit"
+              variant="contained"
+              color="primary"
+              disabled={prefix.trim() === ""}
+              onClick={createProcess}
+            >
+              Save
+            </Button>
+          </Grid>
+        </Grid>
+      </ModalWrapper>
+    </React.Fragment>
+  );
+};
+
+export default withStyles(styles)(connector(AddAccessRule));
--- a/portal-ui/src/screens/Console/Buckets/BucketDetails/BucketDetails.tsx
+++ b/portal-ui/src/screens/Console/Buckets/BucketDetails/BucketDetails.tsx
@@ -50,6 +50,7 @@ import { IconButton, Tooltip } from "@material-ui/core";
 import { BucketsIcon, DeleteIcon } from "../../../../icons";
 import RefreshIcon from "@material-ui/icons/Refresh";
 import DeleteBucket from "../ListBuckets/DeleteBucket";
+import AccessRulePanel from "./AccessRulePanel";

 const styles = (theme: Theme) =>
  createStyles({
@@ -289,6 +290,9 @@ const BucketDetails = ({
      case "access":
        mainRoute += "/access";
        break;
+      case "prefix":
+        mainRoute += "/prefix";
+        break;
      default:
        mainRoute += "/summary";
    }
@@ -420,6 +424,15 @@ const BucketDetails = ({
            >
              <ListItemText primary="Access Audit" />
            </ListItem>
+            <ListItem
+              button
+              selected={selectedTab === "prefix"}
+              onClick={() => {
+                changeRoute("prefix");
+              }}
+            >
+              <ListItemText primary="Access Rules" />
+            </ListItem>
          </List>
        </Grid>
        <Grid item xs={10}>
@@ -450,6 +463,10 @@ const BucketDetails = ({
                path="/buckets/:bucketName/access"
                component={AccessDetailsPanel}
              />
+              <Route
+                path="/buckets/:bucketName/prefix"
+                component={AccessRulePanel}
+              />
              <Route
                path="/buckets/:bucketName"
                component={() => (
--- a/portal-ui/src/screens/Console/Buckets/BucketDetails/DeleteAccessRule.tsx
+++ b/portal-ui/src/screens/Console/Buckets/BucketDetails/DeleteAccessRule.tsx
@@ -0,0 +1,113 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import React from "react";
+import ModalWrapper from "../../Common/ModalWrapper/ModalWrapper";
+import {
+  Button, Dialog,
+  DialogActions,
+  DialogContent,
+  DialogContentText,
+  DialogTitle,
+  Grid,
+  LinearProgress
+} from "@material-ui/core";
+import { createStyles, Theme, withStyles } from "@material-ui/core/styles";
+import { modalBasic } from "../../Common/FormComponents/common/styleLibrary";
+import { connect } from "react-redux";
+import api from "../../../../common/api";
+import { ErrorResponseHandler } from "../../../../common/types";
+import { setErrorSnackMessage } from "../../../../actions";
+import { AppState } from "../../../../store";
+
+const mapState = (state: AppState) => ({
+  session: state.console.session,
+});
+
+const connector = connect(mapState, { setErrorSnackMessage });
+
+interface IDeleteAccessRule {
+  modalOpen: boolean;
+  onClose: () => any;
+  bucket: string;
+  toDelete: string;
+}
+
+const styles = (theme: Theme) =>
+  createStyles({
+    buttonContainer: {
+      textAlign: "right",
+    },
+    pathLabel: {
+      marginTop: 0,
+      marginBottom: 32,
+    },
+    ...modalBasic,
+  });
+
+const DeleteAccessRule = ({
+  onClose,
+  modalOpen,
+  bucket,
+  toDelete,
+}: IDeleteAccessRule) => {
+
+  const deleteProcess = () => {
+    api
+      .invoke("DELETE", `/api/v1/bucket/${bucket}/access-rules/${toDelete}`)
+      .then((res: any) => {
+      })
+      .catch((err: ErrorResponseHandler) => {
+        setErrorSnackMessage(err);
+      });
+  };
+
+  return (
+      <Dialog
+          open={modalOpen}
+          onClose={onClose}
+          aria-labelledby="alert-dialog-title"
+          aria-describedby="alert-dialog-description"
+      >
+        <DialogTitle id="alert-dialog-title">Delete Access Rule</DialogTitle>
+        <DialogContent>
+          <DialogContentText id="alert-dialog-description">
+            Are you sure you want to delete this access rule?
+          </DialogContentText>
+        </DialogContent>
+        <DialogActions>
+          <Button
+            onClick={onClose}
+            color="primary"
+          >
+            Cancel
+          </Button>
+          <Button
+              onClick={() => {
+                deleteProcess();
+                onClose();
+              }}
+              color="secondary"
+              autoFocus
+          >
+            Delete
+          </Button>
+        </DialogActions>
+      </Dialog>
+  );
+};
+
+export default withStyles(styles)(connector(DeleteAccessRule));
--- a/restapi/admin_policies.go
+++ b/restapi/admin_policies.go
@@ -82,6 +82,27 @@ func registersPoliciesHandler(api *operations.ConsoleAPI) {
 		}
 		return admin_api.NewListPoliciesWithBucketOK().WithPayload(policyResponse)
 	})
+	api.AdminAPIListAccessRulesWithBucketHandler = admin_api.ListAccessRulesWithBucketHandlerFunc(func(params admin_api.ListAccessRulesWithBucketParams, session *models.Principal) middleware.Responder {
+		policyResponse, err := getListAccessRulesWithBucketResponse(session, params.Bucket)
+		if err != nil {
+			return admin_api.NewListAccessRulesWithBucketDefault(int(err.Code)).WithPayload(err)
+		}
+		return admin_api.NewListAccessRulesWithBucketOK().WithPayload(policyResponse)
+	})
+	api.AdminAPISetAccessRuleWithBucketHandler = admin_api.SetAccessRuleWithBucketHandlerFunc(func(params admin_api.SetAccessRuleWithBucketParams, session *models.Principal) middleware.Responder {
+		policyResponse, err := getSetAccessRuleWithBucketResponse(session, params.Bucket, params.Prefixaccess)
+		if err != nil {
+			return admin_api.NewSetAccessRuleWithBucketDefault(int(err.Code)).WithPayload(err)
+		}
+		return admin_api.NewSetAccessRuleWithBucketOK().WithPayload(policyResponse)
+	})
+	api.AdminAPIDeleteAccessRuleWithBucketHandler = admin_api.DeleteAccessRuleWithBucketHandlerFunc(func(params admin_api.DeleteAccessRuleWithBucketParams, session *models.Principal) middleware.Responder {
+		policyResponse, err := getDeleteAccessRuleWithBucketResponse(session, params.Bucket, params.Prefix)
+		if err != nil {
+			return admin_api.NewDeleteAccessRuleWithBucketDefault(int(err.Code)).WithPayload(err)
+		}
+		return admin_api.NewDeleteAccessRuleWithBucketOK().WithPayload(policyResponse)
+	})
 	api.AdminAPIListUsersForPolicyHandler = admin_api.ListUsersForPolicyHandlerFunc(func(params admin_api.ListUsersForPolicyParams, session *models.Principal) middleware.Responder {
 		policyUsersResponse, err := getListUsersForPolicyResponse(session, params.Policy)
 		if err != nil {
@@ -98,6 +119,46 @@ func registersPoliciesHandler(api *operations.ConsoleAPI) {
 	})
 }

+func getListAccessRulesWithBucketResponse(session *models.Principal, bucket string) (*models.ListAccessRulesResponse, *models.Error) {
+	ctx := context.Background()
+	client, err := newS3BucketClient(session, bucket, "")
+	if err != nil {
+		return nil, prepareError(err)
+	}
+	accessRules, _ := client.GetAccessRules(ctx)
+	var accessRuleList []*models.AccessRule
+	for k, v := range accessRules {
+		accessRuleList = append(accessRuleList, &models.AccessRule{Prefix: k[len(bucket)+1 : len(k)-1], Access: v})
+	}
+	return &models.ListAccessRulesResponse{AccessRules: accessRuleList}, nil
+}
+
+func getSetAccessRuleWithBucketResponse(session *models.Principal, bucket string, prefixAccess *models.PrefixAccessPair) (bool, *models.Error) {
+	ctx := context.Background()
+	client, err := newS3BucketClient(session, bucket, prefixAccess.Prefix)
+	if err != nil {
+		return false, prepareError(err)
+	}
+	errorVal := client.SetAccess(ctx, prefixAccess.Access, false)
+	if errorVal != nil {
+		return false, prepareError(errorVal.Cause)
+	}
+	return true, nil
+}
+
+func getDeleteAccessRuleWithBucketResponse(session *models.Principal, bucket string, prefix string) (bool, *models.Error) {
+	ctx := context.Background()
+	client, err := newS3BucketClient(session, bucket, prefix)
+	if err != nil {
+		return false, prepareError(err)
+	}
+	errorVal := client.SetAccess(ctx, "none", false)
+	if errorVal != nil {
+		return false, prepareError(errorVal.Cause)
+	}
+	return true, nil
+}
+
 func getListPoliciesWithBucketResponse(session *models.Principal, bucket string) (*models.ListPoliciesResponse, *models.Error) {
 	ctx := context.Background()
 	mAdmin, err := NewMinioAdminClient(session)
--- a/restapi/embedded_spec.go
+++ b/restapi/embedded_spec.go
@@ -492,6 +492,123 @@ func init() {
        }
      }
    },
+    "/bucket/{bucket}/access-rules": {
+      "get": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "List Access Rules With Given Bucket",
+        "operationId": "ListAccessRulesWithBucket",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "bucket",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int32",
+            "name": "offset",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "format": "int32",
+            "name": "limit",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/listAccessRulesResponse"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "Add Access Rule To Given Bucket",
+        "operationId": "SetAccessRuleWithBucket",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "bucket",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "prefixaccess",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/prefixAccessPair"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "type": "boolean"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
+    "/bucket/{bucket}/access-rules/{prefix}": {
+      "delete": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "Delete Access Rule From Given Bucket",
+        "operationId": "DeleteAccessRuleWithBucket",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "bucket",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "prefix",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "type": "boolean"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/buckets": {
      "get": {
        "tags": [
@@ -3194,6 +3311,17 @@ func init() {
    }
  },
  "definitions": {
+    "accessRule": {
+      "type": "object",
+      "properties": {
+        "access": {
+          "type": "string"
+        },
+        "prefix": {
+          "type": "string"
+        }
+      }
+    },
    "accountChangePasswordRequest": {
      "type": "object",
      "required": [
@@ -3889,6 +4017,23 @@ func init() {
        }
      }
    },
+    "listAccessRulesResponse": {
+      "type": "object",
+      "properties": {
+        "accessRules": {
+          "type": "array",
+          "title": "list of policies",
+          "items": {
+            "$ref": "#/definitions/accessRule"
+          }
+        },
+        "total": {
+          "type": "integer",
+          "format": "int64",
+          "title": "total number of policies"
+        }
+      }
+    },
    "listBucketEventsResponse": {
      "type": "object",
      "properties": {
@@ -4456,6 +4601,17 @@ func init() {
        "group"
      ]
    },
+    "prefixAccessPair": {
+      "type": "object",
+      "properties": {
+        "access": {
+          "type": "string"
+        },
+        "prefix": {
+          "type": "string"
+        }
+      }
+    },
    "principal": {
      "type": "object",
      "properties": {
@@ -5663,6 +5819,123 @@ func init() {
        }
      }
    },
+    "/bucket/{bucket}/access-rules": {
+      "get": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "List Access Rules With Given Bucket",
+        "operationId": "ListAccessRulesWithBucket",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "bucket",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int32",
+            "name": "offset",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "format": "int32",
+            "name": "limit",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/listAccessRulesResponse"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "Add Access Rule To Given Bucket",
+        "operationId": "SetAccessRuleWithBucket",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "bucket",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "prefixaccess",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/prefixAccessPair"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "type": "boolean"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
+    "/bucket/{bucket}/access-rules/{prefix}": {
+      "delete": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "Delete Access Rule From Given Bucket",
+        "operationId": "DeleteAccessRuleWithBucket",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "bucket",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "prefix",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "type": "boolean"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/buckets": {
      "get": {
        "tags": [
@@ -8419,6 +8692,17 @@ func init() {
        }
      }
    },
+    "accessRule": {
+      "type": "object",
+      "properties": {
+        "access": {
+          "type": "string"
+        },
+        "prefix": {
+          "type": "string"
+        }
+      }
+    },
    "accountChangePasswordRequest": {
      "type": "object",
      "required": [
@@ -9114,6 +9398,23 @@ func init() {
        }
      }
    },
+    "listAccessRulesResponse": {
+      "type": "object",
+      "properties": {
+        "accessRules": {
+          "type": "array",
+          "title": "list of policies",
+          "items": {
+            "$ref": "#/definitions/accessRule"
+          }
+        },
+        "total": {
+          "type": "integer",
+          "format": "int64",
+          "title": "total number of policies"
+        }
+      }
+    },
    "listBucketEventsResponse": {
      "type": "object",
      "properties": {
@@ -9681,6 +9982,17 @@ func init() {
        "group"
      ]
    },
+    "prefixAccessPair": {
+      "type": "object",
+      "properties": {
+        "access": {
+          "type": "string"
+        },
+        "prefix": {
+          "type": "string"
+        }
+      }
+    },
    "principal": {
      "type": "object",
      "properties": {
--- a/restapi/operations/admin_api/delete_access_rule_with_bucket.go
+++ b/restapi/operations/admin_api/delete_access_rule_with_bucket.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// DeleteAccessRuleWithBucketHandlerFunc turns a function with the right signature into a delete access rule with bucket handler
+type DeleteAccessRuleWithBucketHandlerFunc func(DeleteAccessRuleWithBucketParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn DeleteAccessRuleWithBucketHandlerFunc) Handle(params DeleteAccessRuleWithBucketParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// DeleteAccessRuleWithBucketHandler interface for that can handle valid delete access rule with bucket params
+type DeleteAccessRuleWithBucketHandler interface {
+	Handle(DeleteAccessRuleWithBucketParams, *models.Principal) middleware.Responder
+}
+
+// NewDeleteAccessRuleWithBucket creates a new http.Handler for the delete access rule with bucket operation
+func NewDeleteAccessRuleWithBucket(ctx *middleware.Context, handler DeleteAccessRuleWithBucketHandler) *DeleteAccessRuleWithBucket {
+	return &DeleteAccessRuleWithBucket{Context: ctx, Handler: handler}
+}
+
+/* DeleteAccessRuleWithBucket swagger:route DELETE /bucket/{bucket}/access-rules/{prefix} AdminAPI deleteAccessRuleWithBucket
+
+Delete Access Rule From Given Bucket
+
+*/
+type DeleteAccessRuleWithBucket struct {
+	Context *middleware.Context
+	Handler DeleteAccessRuleWithBucketHandler
+}
+
+func (o *DeleteAccessRuleWithBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewDeleteAccessRuleWithBucketParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/restapi/operations/admin_api/delete_access_rule_with_bucket_parameters.go
+++ b/restapi/operations/admin_api/delete_access_rule_with_bucket_parameters.go
@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewDeleteAccessRuleWithBucketParams creates a new DeleteAccessRuleWithBucketParams object
+//
+// There are no default values defined in the spec.
+func NewDeleteAccessRuleWithBucketParams() DeleteAccessRuleWithBucketParams {
+
+	return DeleteAccessRuleWithBucketParams{}
+}
+
+// DeleteAccessRuleWithBucketParams contains all the bound params for the delete access rule with bucket operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters DeleteAccessRuleWithBucket
+type DeleteAccessRuleWithBucketParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	Bucket string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Prefix string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewDeleteAccessRuleWithBucketParams() beforehand.
+func (o *DeleteAccessRuleWithBucketParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rBucket, rhkBucket, _ := route.Params.GetOK("bucket")
+	if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rPrefix, rhkPrefix, _ := route.Params.GetOK("prefix")
+	if err := o.bindPrefix(rPrefix, rhkPrefix, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindBucket binds and validates parameter Bucket from path.
+func (o *DeleteAccessRuleWithBucketParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Bucket = raw
+
+	return nil
+}
+
+// bindPrefix binds and validates parameter Prefix from path.
+func (o *DeleteAccessRuleWithBucketParams) bindPrefix(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Prefix = raw
+
+	return nil
+}
--- a/restapi/operations/admin_api/delete_access_rule_with_bucket_responses.go
+++ b/restapi/operations/admin_api/delete_access_rule_with_bucket_responses.go
@@ -0,0 +1,131 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// DeleteAccessRuleWithBucketOKCode is the HTTP code returned for type DeleteAccessRuleWithBucketOK
+const DeleteAccessRuleWithBucketOKCode int = 200
+
+/*DeleteAccessRuleWithBucketOK A successful response.
+
+swagger:response deleteAccessRuleWithBucketOK
+*/
+type DeleteAccessRuleWithBucketOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload bool `json:"body,omitempty"`
+}
+
+// NewDeleteAccessRuleWithBucketOK creates DeleteAccessRuleWithBucketOK with default headers values
+func NewDeleteAccessRuleWithBucketOK() *DeleteAccessRuleWithBucketOK {
+
+	return &DeleteAccessRuleWithBucketOK{}
+}
+
+// WithPayload adds the payload to the delete access rule with bucket o k response
+func (o *DeleteAccessRuleWithBucketOK) WithPayload(payload bool) *DeleteAccessRuleWithBucketOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the delete access rule with bucket o k response
+func (o *DeleteAccessRuleWithBucketOK) SetPayload(payload bool) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteAccessRuleWithBucketOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	payload := o.Payload
+	if err := producer.Produce(rw, payload); err != nil {
+		panic(err) // let the recovery middleware deal with this
+	}
+}
+
+/*DeleteAccessRuleWithBucketDefault Generic error response.
+
+swagger:response deleteAccessRuleWithBucketDefault
+*/
+type DeleteAccessRuleWithBucketDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteAccessRuleWithBucketDefault creates DeleteAccessRuleWithBucketDefault with default headers values
+func NewDeleteAccessRuleWithBucketDefault(code int) *DeleteAccessRuleWithBucketDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &DeleteAccessRuleWithBucketDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the delete access rule with bucket default response
+func (o *DeleteAccessRuleWithBucketDefault) WithStatusCode(code int) *DeleteAccessRuleWithBucketDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the delete access rule with bucket default response
+func (o *DeleteAccessRuleWithBucketDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the delete access rule with bucket default response
+func (o *DeleteAccessRuleWithBucketDefault) WithPayload(payload *models.Error) *DeleteAccessRuleWithBucketDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the delete access rule with bucket default response
+func (o *DeleteAccessRuleWithBucketDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteAccessRuleWithBucketDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/restapi/operations/admin_api/delete_access_rule_with_bucket_urlbuilder.go
+++ b/restapi/operations/admin_api/delete_access_rule_with_bucket_urlbuilder.go
@@ -0,0 +1,124 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+)
+
+// DeleteAccessRuleWithBucketURL generates an URL for the delete access rule with bucket operation
+type DeleteAccessRuleWithBucketURL struct {
+	Bucket string
+	Prefix string
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DeleteAccessRuleWithBucketURL) WithBasePath(bp string) *DeleteAccessRuleWithBucketURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DeleteAccessRuleWithBucketURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *DeleteAccessRuleWithBucketURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/bucket/{bucket}/access-rules/{prefix}"
+
+	bucket := o.Bucket
+	if bucket != "" {
+		_path = strings.Replace(_path, "{bucket}", bucket, -1)
+	} else {
+		return nil, errors.New("bucket is required on DeleteAccessRuleWithBucketURL")
+	}
+
+	prefix := o.Prefix
+	if prefix != "" {
+		_path = strings.Replace(_path, "{prefix}", prefix, -1)
+	} else {
+		return nil, errors.New("prefix is required on DeleteAccessRuleWithBucketURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *DeleteAccessRuleWithBucketURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *DeleteAccessRuleWithBucketURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *DeleteAccessRuleWithBucketURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on DeleteAccessRuleWithBucketURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on DeleteAccessRuleWithBucketURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *DeleteAccessRuleWithBucketURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/restapi/operations/admin_api/list_access_rules_with_bucket.go
+++ b/restapi/operations/admin_api/list_access_rules_with_bucket.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// ListAccessRulesWithBucketHandlerFunc turns a function with the right signature into a list access rules with bucket handler
+type ListAccessRulesWithBucketHandlerFunc func(ListAccessRulesWithBucketParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn ListAccessRulesWithBucketHandlerFunc) Handle(params ListAccessRulesWithBucketParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// ListAccessRulesWithBucketHandler interface for that can handle valid list access rules with bucket params
+type ListAccessRulesWithBucketHandler interface {
+	Handle(ListAccessRulesWithBucketParams, *models.Principal) middleware.Responder
+}
+
+// NewListAccessRulesWithBucket creates a new http.Handler for the list access rules with bucket operation
+func NewListAccessRulesWithBucket(ctx *middleware.Context, handler ListAccessRulesWithBucketHandler) *ListAccessRulesWithBucket {
+	return &ListAccessRulesWithBucket{Context: ctx, Handler: handler}
+}
+
+/* ListAccessRulesWithBucket swagger:route GET /bucket/{bucket}/access-rules AdminAPI listAccessRulesWithBucket
+
+List Access Rules With Given Bucket
+
+*/
+type ListAccessRulesWithBucket struct {
+	Context *middleware.Context
+	Handler ListAccessRulesWithBucketHandler
+}
+
+func (o *ListAccessRulesWithBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewListAccessRulesWithBucketParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/restapi/operations/admin_api/list_access_rules_with_bucket_parameters.go
+++ b/restapi/operations/admin_api/list_access_rules_with_bucket_parameters.go
@@ -0,0 +1,156 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// NewListAccessRulesWithBucketParams creates a new ListAccessRulesWithBucketParams object
+//
+// There are no default values defined in the spec.
+func NewListAccessRulesWithBucketParams() ListAccessRulesWithBucketParams {
+
+	return ListAccessRulesWithBucketParams{}
+}
+
+// ListAccessRulesWithBucketParams contains all the bound params for the list access rules with bucket operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters ListAccessRulesWithBucket
+type ListAccessRulesWithBucketParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	Bucket string
+	/*
+	  In: query
+	*/
+	Limit *int32
+	/*
+	  In: query
+	*/
+	Offset *int32
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewListAccessRulesWithBucketParams() beforehand.
+func (o *ListAccessRulesWithBucketParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	qs := runtime.Values(r.URL.Query())
+
+	rBucket, rhkBucket, _ := route.Params.GetOK("bucket")
+	if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	qLimit, qhkLimit, _ := qs.GetOK("limit")
+	if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	qOffset, qhkOffset, _ := qs.GetOK("offset")
+	if err := o.bindOffset(qOffset, qhkOffset, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindBucket binds and validates parameter Bucket from path.
+func (o *ListAccessRulesWithBucketParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Bucket = raw
+
+	return nil
+}
+
+// bindLimit binds and validates parameter Limit from query.
+func (o *ListAccessRulesWithBucketParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: false
+	// AllowEmptyValue: false
+
+	if raw == "" { // empty values pass all other validations
+		return nil
+	}
+
+	value, err := swag.ConvertInt32(raw)
+	if err != nil {
+		return errors.InvalidType("limit", "query", "int32", raw)
+	}
+	o.Limit = &value
+
+	return nil
+}
+
+// bindOffset binds and validates parameter Offset from query.
+func (o *ListAccessRulesWithBucketParams) bindOffset(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: false
+	// AllowEmptyValue: false
+
+	if raw == "" { // empty values pass all other validations
+		return nil
+	}
+
+	value, err := swag.ConvertInt32(raw)
+	if err != nil {
+		return errors.InvalidType("offset", "query", "int32", raw)
+	}
+	o.Offset = &value
+
+	return nil
+}
--- a/restapi/operations/admin_api/list_access_rules_with_bucket_responses.go
+++ b/restapi/operations/admin_api/list_access_rules_with_bucket_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// ListAccessRulesWithBucketOKCode is the HTTP code returned for type ListAccessRulesWithBucketOK
+const ListAccessRulesWithBucketOKCode int = 200
+
+/*ListAccessRulesWithBucketOK A successful response.
+
+swagger:response listAccessRulesWithBucketOK
+*/
+type ListAccessRulesWithBucketOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.ListAccessRulesResponse `json:"body,omitempty"`
+}
+
+// NewListAccessRulesWithBucketOK creates ListAccessRulesWithBucketOK with default headers values
+func NewListAccessRulesWithBucketOK() *ListAccessRulesWithBucketOK {
+
+	return &ListAccessRulesWithBucketOK{}
+}
+
+// WithPayload adds the payload to the list access rules with bucket o k response
+func (o *ListAccessRulesWithBucketOK) WithPayload(payload *models.ListAccessRulesResponse) *ListAccessRulesWithBucketOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the list access rules with bucket o k response
+func (o *ListAccessRulesWithBucketOK) SetPayload(payload *models.ListAccessRulesResponse) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListAccessRulesWithBucketOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+/*ListAccessRulesWithBucketDefault Generic error response.
+
+swagger:response listAccessRulesWithBucketDefault
+*/
+type ListAccessRulesWithBucketDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewListAccessRulesWithBucketDefault creates ListAccessRulesWithBucketDefault with default headers values
+func NewListAccessRulesWithBucketDefault(code int) *ListAccessRulesWithBucketDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &ListAccessRulesWithBucketDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the list access rules with bucket default response
+func (o *ListAccessRulesWithBucketDefault) WithStatusCode(code int) *ListAccessRulesWithBucketDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the list access rules with bucket default response
+func (o *ListAccessRulesWithBucketDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the list access rules with bucket default response
+func (o *ListAccessRulesWithBucketDefault) WithPayload(payload *models.Error) *ListAccessRulesWithBucketDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the list access rules with bucket default response
+func (o *ListAccessRulesWithBucketDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListAccessRulesWithBucketDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/restapi/operations/admin_api/list_access_rules_with_bucket_urlbuilder.go
+++ b/restapi/operations/admin_api/list_access_rules_with_bucket_urlbuilder.go
@@ -0,0 +1,141 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+
+	"github.com/go-openapi/swag"
+)
+
+// ListAccessRulesWithBucketURL generates an URL for the list access rules with bucket operation
+type ListAccessRulesWithBucketURL struct {
+	Bucket string
+
+	Limit  *int32
+	Offset *int32
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListAccessRulesWithBucketURL) WithBasePath(bp string) *ListAccessRulesWithBucketURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListAccessRulesWithBucketURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *ListAccessRulesWithBucketURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/bucket/{bucket}/access-rules"
+
+	bucket := o.Bucket
+	if bucket != "" {
+		_path = strings.Replace(_path, "{bucket}", bucket, -1)
+	} else {
+		return nil, errors.New("bucket is required on ListAccessRulesWithBucketURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	qs := make(url.Values)
+
+	var limitQ string
+	if o.Limit != nil {
+		limitQ = swag.FormatInt32(*o.Limit)
+	}
+	if limitQ != "" {
+		qs.Set("limit", limitQ)
+	}
+
+	var offsetQ string
+	if o.Offset != nil {
+		offsetQ = swag.FormatInt32(*o.Offset)
+	}
+	if offsetQ != "" {
+		qs.Set("offset", offsetQ)
+	}
+
+	_result.RawQuery = qs.Encode()
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *ListAccessRulesWithBucketURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *ListAccessRulesWithBucketURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *ListAccessRulesWithBucketURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on ListAccessRulesWithBucketURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on ListAccessRulesWithBucketURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *ListAccessRulesWithBucketURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/restapi/operations/admin_api/set_access_rule_with_bucket.go
+++ b/restapi/operations/admin_api/set_access_rule_with_bucket.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// SetAccessRuleWithBucketHandlerFunc turns a function with the right signature into a set access rule with bucket handler
+type SetAccessRuleWithBucketHandlerFunc func(SetAccessRuleWithBucketParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn SetAccessRuleWithBucketHandlerFunc) Handle(params SetAccessRuleWithBucketParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// SetAccessRuleWithBucketHandler interface for that can handle valid set access rule with bucket params
+type SetAccessRuleWithBucketHandler interface {
+	Handle(SetAccessRuleWithBucketParams, *models.Principal) middleware.Responder
+}
+
+// NewSetAccessRuleWithBucket creates a new http.Handler for the set access rule with bucket operation
+func NewSetAccessRuleWithBucket(ctx *middleware.Context, handler SetAccessRuleWithBucketHandler) *SetAccessRuleWithBucket {
+	return &SetAccessRuleWithBucket{Context: ctx, Handler: handler}
+}
+
+/* SetAccessRuleWithBucket swagger:route PUT /bucket/{bucket}/access-rules AdminAPI setAccessRuleWithBucket
+
+Add Access Rule To Given Bucket
+
+*/
+type SetAccessRuleWithBucket struct {
+	Context *middleware.Context
+	Handler SetAccessRuleWithBucketHandler
+}
+
+func (o *SetAccessRuleWithBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewSetAccessRuleWithBucketParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/restapi/operations/admin_api/set_access_rule_with_bucket_parameters.go
+++ b/restapi/operations/admin_api/set_access_rule_with_bucket_parameters.go
@@ -0,0 +1,127 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"io"
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+
+	"github.com/minio/console/models"
+)
+
+// NewSetAccessRuleWithBucketParams creates a new SetAccessRuleWithBucketParams object
+//
+// There are no default values defined in the spec.
+func NewSetAccessRuleWithBucketParams() SetAccessRuleWithBucketParams {
+
+	return SetAccessRuleWithBucketParams{}
+}
+
+// SetAccessRuleWithBucketParams contains all the bound params for the set access rule with bucket operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters SetAccessRuleWithBucket
+type SetAccessRuleWithBucketParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	Bucket string
+	/*
+	  Required: true
+	  In: body
+	*/
+	Prefixaccess *models.PrefixAccessPair
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewSetAccessRuleWithBucketParams() beforehand.
+func (o *SetAccessRuleWithBucketParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rBucket, rhkBucket, _ := route.Params.GetOK("bucket")
+	if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body models.PrefixAccessPair
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			if err == io.EOF {
+				res = append(res, errors.Required("prefixaccess", "body", ""))
+			} else {
+				res = append(res, errors.NewParseError("prefixaccess", "body", "", err))
+			}
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(context.Background())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Prefixaccess = &body
+			}
+		}
+	} else {
+		res = append(res, errors.Required("prefixaccess", "body", ""))
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindBucket binds and validates parameter Bucket from path.
+func (o *SetAccessRuleWithBucketParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Bucket = raw
+
+	return nil
+}
--- a/restapi/operations/admin_api/set_access_rule_with_bucket_responses.go
+++ b/restapi/operations/admin_api/set_access_rule_with_bucket_responses.go
@@ -0,0 +1,131 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// SetAccessRuleWithBucketOKCode is the HTTP code returned for type SetAccessRuleWithBucketOK
+const SetAccessRuleWithBucketOKCode int = 200
+
+/*SetAccessRuleWithBucketOK A successful response.
+
+swagger:response setAccessRuleWithBucketOK
+*/
+type SetAccessRuleWithBucketOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload bool `json:"body,omitempty"`
+}
+
+// NewSetAccessRuleWithBucketOK creates SetAccessRuleWithBucketOK with default headers values
+func NewSetAccessRuleWithBucketOK() *SetAccessRuleWithBucketOK {
+
+	return &SetAccessRuleWithBucketOK{}
+}
+
+// WithPayload adds the payload to the set access rule with bucket o k response
+func (o *SetAccessRuleWithBucketOK) WithPayload(payload bool) *SetAccessRuleWithBucketOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the set access rule with bucket o k response
+func (o *SetAccessRuleWithBucketOK) SetPayload(payload bool) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *SetAccessRuleWithBucketOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	payload := o.Payload
+	if err := producer.Produce(rw, payload); err != nil {
+		panic(err) // let the recovery middleware deal with this
+	}
+}
+
+/*SetAccessRuleWithBucketDefault Generic error response.
+
+swagger:response setAccessRuleWithBucketDefault
+*/
+type SetAccessRuleWithBucketDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewSetAccessRuleWithBucketDefault creates SetAccessRuleWithBucketDefault with default headers values
+func NewSetAccessRuleWithBucketDefault(code int) *SetAccessRuleWithBucketDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &SetAccessRuleWithBucketDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the set access rule with bucket default response
+func (o *SetAccessRuleWithBucketDefault) WithStatusCode(code int) *SetAccessRuleWithBucketDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the set access rule with bucket default response
+func (o *SetAccessRuleWithBucketDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the set access rule with bucket default response
+func (o *SetAccessRuleWithBucketDefault) WithPayload(payload *models.Error) *SetAccessRuleWithBucketDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the set access rule with bucket default response
+func (o *SetAccessRuleWithBucketDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *SetAccessRuleWithBucketDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/restapi/operations/admin_api/set_access_rule_with_bucket_urlbuilder.go
+++ b/restapi/operations/admin_api/set_access_rule_with_bucket_urlbuilder.go
@@ -0,0 +1,116 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+)
+
+// SetAccessRuleWithBucketURL generates an URL for the set access rule with bucket operation
+type SetAccessRuleWithBucketURL struct {
+	Bucket string
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *SetAccessRuleWithBucketURL) WithBasePath(bp string) *SetAccessRuleWithBucketURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *SetAccessRuleWithBucketURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *SetAccessRuleWithBucketURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/bucket/{bucket}/access-rules"
+
+	bucket := o.Bucket
+	if bucket != "" {
+		_path = strings.Replace(_path, "{bucket}", bucket, -1)
+	} else {
+		return nil, errors.New("bucket is required on SetAccessRuleWithBucketURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *SetAccessRuleWithBucketURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *SetAccessRuleWithBucketURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *SetAccessRuleWithBucketURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on SetAccessRuleWithBucketURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on SetAccessRuleWithBucketURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *SetAccessRuleWithBucketURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/restapi/operations/console_api.go
+++ b/restapi/operations/console_api.go
@@ -119,6 +119,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
 		AdminAPIDashboardWidgetDetailsHandler: admin_api.DashboardWidgetDetailsHandlerFunc(func(params admin_api.DashboardWidgetDetailsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin_api.DashboardWidgetDetails has not yet been implemented")
 		}),
+		AdminAPIDeleteAccessRuleWithBucketHandler: admin_api.DeleteAccessRuleWithBucketHandlerFunc(func(params admin_api.DeleteAccessRuleWithBucketParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation admin_api.DeleteAccessRuleWithBucket has not yet been implemented")
+		}),
 		UserAPIDeleteBucketHandler: user_api.DeleteBucketHandlerFunc(func(params user_api.DeleteBucketParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.DeleteBucket has not yet been implemented")
 		}),
@@ -194,6 +197,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
 		AdminAPIListAUserServiceAccountsHandler: admin_api.ListAUserServiceAccountsHandlerFunc(func(params admin_api.ListAUserServiceAccountsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin_api.ListAUserServiceAccounts has not yet been implemented")
 		}),
+		AdminAPIListAccessRulesWithBucketHandler: admin_api.ListAccessRulesWithBucketHandlerFunc(func(params admin_api.ListAccessRulesWithBucketParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation admin_api.ListAccessRulesWithBucket has not yet been implemented")
+		}),
 		UserAPIListBucketEventsHandler: user_api.ListBucketEventsHandlerFunc(func(params user_api.ListBucketEventsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.ListBucketEvents has not yet been implemented")
 		}),
@@ -299,6 +305,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
 		UserAPISessionCheckHandler: user_api.SessionCheckHandlerFunc(func(params user_api.SessionCheckParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.SessionCheck has not yet been implemented")
 		}),
+		AdminAPISetAccessRuleWithBucketHandler: admin_api.SetAccessRuleWithBucketHandlerFunc(func(params admin_api.SetAccessRuleWithBucketParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation admin_api.SetAccessRuleWithBucket has not yet been implemented")
+		}),
 		UserAPISetBucketQuotaHandler: user_api.SetBucketQuotaHandlerFunc(func(params user_api.SetBucketQuotaParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.SetBucketQuota has not yet been implemented")
 		}),
@@ -432,6 +441,8 @@ type ConsoleAPI struct {
 	UserAPICreateServiceAccountHandler user_api.CreateServiceAccountHandler
 	// AdminAPIDashboardWidgetDetailsHandler sets the operation handler for the dashboard widget details operation
 	AdminAPIDashboardWidgetDetailsHandler admin_api.DashboardWidgetDetailsHandler
+	// AdminAPIDeleteAccessRuleWithBucketHandler sets the operation handler for the delete access rule with bucket operation
+	AdminAPIDeleteAccessRuleWithBucketHandler admin_api.DeleteAccessRuleWithBucketHandler
 	// UserAPIDeleteBucketHandler sets the operation handler for the delete bucket operation
 	UserAPIDeleteBucketHandler user_api.DeleteBucketHandler
 	// UserAPIDeleteBucketEventHandler sets the operation handler for the delete bucket event operation
@@ -482,6 +493,8 @@ type ConsoleAPI struct {
 	UserAPIHasPermissionToHandler user_api.HasPermissionToHandler
 	// AdminAPIListAUserServiceAccountsHandler sets the operation handler for the list a user service accounts operation
 	AdminAPIListAUserServiceAccountsHandler admin_api.ListAUserServiceAccountsHandler
+	// AdminAPIListAccessRulesWithBucketHandler sets the operation handler for the list access rules with bucket operation
+	AdminAPIListAccessRulesWithBucketHandler admin_api.ListAccessRulesWithBucketHandler
 	// UserAPIListBucketEventsHandler sets the operation handler for the list bucket events operation
 	UserAPIListBucketEventsHandler user_api.ListBucketEventsHandler
 	// UserAPIListBucketsHandler sets the operation handler for the list buckets operation
@@ -552,6 +565,8 @@ type ConsoleAPI struct {
 	AdminAPIRestartServiceHandler admin_api.RestartServiceHandler
 	// UserAPISessionCheckHandler sets the operation handler for the session check operation
 	UserAPISessionCheckHandler user_api.SessionCheckHandler
+	// AdminAPISetAccessRuleWithBucketHandler sets the operation handler for the set access rule with bucket operation
+	AdminAPISetAccessRuleWithBucketHandler admin_api.SetAccessRuleWithBucketHandler
 	// UserAPISetBucketQuotaHandler sets the operation handler for the set bucket quota operation
 	UserAPISetBucketQuotaHandler user_api.SetBucketQuotaHandler
 	// UserAPISetBucketRetentionConfigHandler sets the operation handler for the set bucket retention config operation
@@ -721,6 +736,9 @@ func (o *ConsoleAPI) Validate() error {
 	if o.AdminAPIDashboardWidgetDetailsHandler == nil {
 		unregistered = append(unregistered, "admin_api.DashboardWidgetDetailsHandler")
 	}
+	if o.AdminAPIDeleteAccessRuleWithBucketHandler == nil {
+		unregistered = append(unregistered, "admin_api.DeleteAccessRuleWithBucketHandler")
+	}
 	if o.UserAPIDeleteBucketHandler == nil {
 		unregistered = append(unregistered, "user_api.DeleteBucketHandler")
 	}
@@ -796,6 +814,9 @@ func (o *ConsoleAPI) Validate() error {
 	if o.AdminAPIListAUserServiceAccountsHandler == nil {
 		unregistered = append(unregistered, "admin_api.ListAUserServiceAccountsHandler")
 	}
+	if o.AdminAPIListAccessRulesWithBucketHandler == nil {
+		unregistered = append(unregistered, "admin_api.ListAccessRulesWithBucketHandler")
+	}
 	if o.UserAPIListBucketEventsHandler == nil {
 		unregistered = append(unregistered, "user_api.ListBucketEventsHandler")
 	}
@@ -901,6 +922,9 @@ func (o *ConsoleAPI) Validate() error {
 	if o.UserAPISessionCheckHandler == nil {
 		unregistered = append(unregistered, "user_api.SessionCheckHandler")
 	}
+	if o.AdminAPISetAccessRuleWithBucketHandler == nil {
+		unregistered = append(unregistered, "admin_api.SetAccessRuleWithBucketHandler")
+	}
 	if o.UserAPISetBucketQuotaHandler == nil {
 		unregistered = append(unregistered, "user_api.SetBucketQuotaHandler")
 	}
@@ -1120,6 +1144,10 @@ func (o *ConsoleAPI) initHandlerCache() {
 	if o.handlers["DELETE"] == nil {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
 	}
+	o.handlers["DELETE"]["/bucket/{bucket}/access-rules/{prefix}"] = admin_api.NewDeleteAccessRuleWithBucket(o.context, o.AdminAPIDeleteAccessRuleWithBucketHandler)
+	if o.handlers["DELETE"] == nil {
+		o.handlers["DELETE"] = make(map[string]http.Handler)
+	}
 	o.handlers["DELETE"]["/buckets/{name}"] = user_api.NewDeleteBucket(o.context, o.UserAPIDeleteBucketHandler)
 	if o.handlers["DELETE"] == nil {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
@@ -1220,6 +1248,10 @@ func (o *ConsoleAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
+	o.handlers["GET"]["/bucket/{bucket}/access-rules"] = admin_api.NewListAccessRulesWithBucket(o.context, o.AdminAPIListAccessRulesWithBucketHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
 	o.handlers["GET"]["/buckets/{bucket_name}/events"] = user_api.NewListBucketEvents(o.context, o.UserAPIListBucketEventsHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
@@ -1360,6 +1392,10 @@ func (o *ConsoleAPI) initHandlerCache() {
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
+	o.handlers["PUT"]["/bucket/{bucket}/access-rules"] = admin_api.NewSetAccessRuleWithBucket(o.context, o.AdminAPISetAccessRuleWithBucketHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
 	o.handlers["PUT"]["/buckets/{name}/quota"] = user_api.NewSetBucketQuota(o.context, o.UserAPISetBucketQuotaHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
--- a/swagger-console.yml
+++ b/swagger-console.yml
@@ -1571,6 +1571,86 @@ paths:
      tags:
        - AdminAPI

+  /bucket/{bucket}/access-rules:
+    put:
+      summary: Add Access Rule To Given Bucket
+      operationId: SetAccessRuleWithBucket
+      parameters:
+        - name: bucket
+          in: path
+          required: true
+          type: string
+        - name: prefixaccess
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/prefixAccessPair"
+      responses:
+        200:
+          description: A successful response.
+          schema:
+            type: boolean
+        default:
+          description: Generic error response.
+          schema:
+            $ref: "#/definitions/error"
+      tags:
+        - AdminAPI
+    get:
+      summary: List Access Rules With Given Bucket
+      operationId: ListAccessRulesWithBucket
+      parameters:
+        - name: bucket
+          in: path
+          required: true
+          type: string
+        - name: offset
+          in: query
+          required: false
+          type: integer
+          format: int32
+        - name: limit
+          in: query
+          required: false
+          type: integer
+          format: int32
+      responses:
+        200:
+          description: A successful response.
+          schema:
+            $ref: "#/definitions/listAccessRulesResponse"
+        default:
+          description: Generic error response.
+          schema:
+            $ref: "#/definitions/error"
+      tags:
+        - AdminAPI
+
+  /bucket/{bucket}/access-rules/{prefix}:
+    delete:
+      summary: Delete Access Rule From Given Bucket
+      operationId: DeleteAccessRuleWithBucket
+      parameters:
+        - name: bucket
+          in: path
+          required: true
+          type: string
+        - name: prefix
+          in: path
+          required: true
+          type: string
+      responses:
+        200:
+          description: A successful response.
+          schema:
+            type: boolean
+        default:
+          description: Generic error response.
+          schema:
+            $ref: "#/definitions/error"
+      tags:
+        - AdminAPI
+
  /bucket-users/{bucket}:
    get:
      summary: List Users With Access to a Given Bucket
@@ -2457,6 +2537,28 @@ definitions:
        type: integer
        format: int64
        title: total number of policies
+
+  listAccessRulesResponse:
+    type: object
+    properties:
+      accessRules:
+        type: array
+        items:
+          $ref: "#/definitions/accessRule"
+        title: list of policies
+      total:
+        type: integer
+        format: int64
+        title: total number of policies
+
+  accessRule:
+    type: object
+    properties:
+      prefix:
+        type: string
+      access:
+        type: string
+
  updateGroupRequest:
    type: object
    required:
@@ -3369,6 +3471,14 @@ definitions:
      disable:
        type: boolean

+  prefixAccessPair:
+    type: object
+    properties:
+      prefix:
+        type: string
+      access:
+        type: string
+
  setConfigResponse:
    type: object
    properties: