December 17, 2025 - AI Object Storage Console Access for Non-Admin Users

Non-admin users can now perform AI Object Storage actions in the Cloud Console when granted specific permissions via organization access policies.

Overview

Previously, only users with the Object Storage Admin IAM role (or legacy admin group membership) could access AI Object Storage features in the Cloud Console. With this update, you can grant non-admin users specific AI Object Storage permissions through organization access policies, enabling them to perform those actions in the Console. This enables organizations to follow the principle of least privilege, granting users only the specific Object Storage capabilities they need, without requiring full admin access.

What’s new

Granular Console permissions

Non-admin users can now perform specific AI Object Storage actions in the Cloud Console when granted the appropriate cwobject: permissions. For example:

To allow a user to…	Grant these permissions
View buckets	`cwobject:ListBucketInfo`
Create buckets	`s3:CreateBucket`, `cwobject:CreateAccessKey`
Create access keys	`cwobject:CreateAccessKey`, `cwobject:CreateAccessKeySAML`
Manage organization policies	`cwobject:EnsureAccessPolicy`, `cwobject:ListAccessPolicy`

See the Console Permissions Reference for the complete mapping.

Additional resources

Console Permissions Reference
Manage organization access policies
IAM Access Policies (Nov 20, 2025 release)

Release Notes

Documentation Index

​Overview

​What’s new

​Granular Console permissions

​Additional resources

Overview

What’s new

Granular Console permissions

Additional resources