diff --git a/portal-ui/src/common/SecureComponent/permissions.ts b/portal-ui/src/common/SecureComponent/permissions.ts
index e2f2e9984..1305ba2f9 100644
--- a/portal-ui/src/common/SecureComponent/permissions.ts
+++ b/portal-ui/src/common/SecureComponent/permissions.ts
@@ -105,6 +105,7 @@ export const IAM_SCOPES = {
ADMIN_SERVER_TRACE: "admin:ServerTrace",
ADMIN_HEALTH_INFO: "admin:OBDInfo",
ADMIN_HEAL: "admin:Heal",
+ ADMIN_INSPECT_DATA: "admin:InspectData",
S3_ALL_ACTIONS: "s3:*",
ADMIN_ALL_ACTIONS: "admin:*",
};
diff --git a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
index 6686de027..a2ed152b5 100644
--- a/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -358,13 +358,21 @@ const ObjectDetailPanel = ({
? objectNameArray[objectNameArray.length - 1]
: actualInfo.name;
+ const objectResources = [
+ bucketName,
+ currentItem,
+ [bucketName, actualInfo.name].join("/"),
+ ];
+
const multiActionButtons = [
{
action: () => {
downloadObject(actualInfo);
},
label: "Download",
- disabled: !!actualInfo.is_delete_marker,
+ disabled:
+ !!actualInfo.is_delete_marker ||
+ !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
icon: ,
tooltip: "Download this Object",
},
@@ -373,7 +381,9 @@ const ObjectDetailPanel = ({
shareObject();
},
label: "Share",
- disabled: !!actualInfo.is_delete_marker,
+ disabled:
+ !!actualInfo.is_delete_marker ||
+ !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
icon: ,
tooltip: "Share this File",
},
@@ -384,7 +394,8 @@ const ObjectDetailPanel = ({
label: "Preview",
disabled:
!!actualInfo.is_delete_marker ||
- extensionPreview(currentItem) === "none",
+ extensionPreview(currentItem) === "none" ||
+ !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT]),
icon: ,
tooltip: "Preview this File",
},
@@ -394,8 +405,11 @@ const ObjectDetailPanel = ({
},
label: "Legal Hold",
disabled:
+ !distributedSetup ||
!!actualInfo.is_delete_marker ||
- !hasPermission(bucketName, [IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD]) ||
+ !hasPermission(objectResources, [
+ IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD,
+ ]) ||
selectedVersion !== "",
icon: ,
tooltip: "Change Legal Hold rules for this File",
@@ -404,8 +418,9 @@ const ObjectDetailPanel = ({
action: openRetentionModal,
label: "Retention",
disabled:
+ !distributedSetup ||
!!actualInfo.is_delete_marker ||
- !hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT_RETENTION]) ||
+ !hasPermission(objectResources, [IAM_SCOPES.S3_GET_OBJECT_RETENTION]) ||
selectedVersion !== "",
icon: ,
tooltip: "Change Retention rules for this File",
@@ -415,7 +430,10 @@ const ObjectDetailPanel = ({
setTagModalOpen(true);
},
label: "Tags",
- disabled: !!actualInfo.is_delete_marker || selectedVersion !== "",
+ disabled:
+ !!actualInfo.is_delete_marker ||
+ selectedVersion !== "" ||
+ !hasPermission(objectResources, [IAM_SCOPES.S3_PUT_OBJECT_TAGGING]),
icon: ,
tooltip: "Change Tags for this File",
},
@@ -424,7 +442,11 @@ const ObjectDetailPanel = ({
setInspectModalOpen(true);
},
label: "Inspect",
- disabled: !!actualInfo.is_delete_marker || selectedVersion !== "",
+ disabled:
+ !distributedSetup ||
+ !!actualInfo.is_delete_marker ||
+ selectedVersion !== "" ||
+ !hasPermission(objectResources, [IAM_SCOPES.ADMIN_INSPECT_DATA]),
icon: ,
tooltip: "Inspect this file",
},
@@ -434,7 +456,14 @@ const ObjectDetailPanel = ({
},
label: versionsMode ? "Hide Object Versions" : "Display Object Versions",
icon: ,
- disabled: !(actualInfo.version_id && actualInfo.version_id !== "null"),
+ disabled:
+ !distributedSetup ||
+ !(actualInfo.version_id && actualInfo.version_id !== "null") ||
+ !hasPermission(objectResources, [
+ IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
+ IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
+ IAM_SCOPES.S3_GET_OBJECT_VERSION,
+ ]),
tooltip: "Display Versions for this file",
},
];
@@ -539,7 +568,11 @@ const ObjectDetailPanel = ({