> ## Documentation Index
> Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Console permissions reference

> Permissions required to perform AI Object Storage actions in the Cloud Console

This table lists the permissions required to perform CoreWeave AI Object Storage actions in the Cloud Console. Object Storage Admins already have these permissions by default. This reference is for granting specific permissions to non-admin users.

To grant these permissions to users, you must have the `Object Storage Admin` role. Then, you can [create an organization access policy](/products/storage/object-storage/auth-access/organization-policies/manage) to grant the permissions to the users. When you grant these permissions to a user, they can perform the corresponding actions in the Cloud Console. For more information about organization access policies, see [About organization access policies](/products/storage/object-storage/auth-access/organization-policies/about).

| Console feature                      | AI Object Storage permission                                                                   |
| ------------------------------------ | ---------------------------------------------------------------------------------------------- |
| List (view) buckets                  | `cwobject:ListBucketInfo`                                                                      |
| Create buckets                       | `s3:CreateBucket` <br /> `cwobject:CreateAccessKey`                                            |
| Delete buckets                       | `s3:DeleteBucket` (policy can include the ability to delete individual buckets or all buckets) |
| Create access keys                   | `cwobject:CreateAccessKeySAML` <br /> `cwobject:CreateAccessKey`                               |
| Revoke access keys                   | `cwobject:RevokeAccessKeyByAccessKey`                                                          |
| List access keys                     | `cwobject:ListAccessKeyInfo`                                                                   |
| Create or edit organization policies | `cwobject:EnsureAccessPolicy`                                                                  |
| Delete organization policies         | `cwobject:DeleteAccessPolicy`                                                                  |
| View organization policies           | `cwobject:ListAccessPolicy`                                                                    |

<Info>
  * All `cwobject:` permissions are global operations and must specify `"resources": ["*"]` in the policy statement.
  * Cloud Console groups aren't allowed in organization access policies. Use UIDs (from the Cloud Console) or SAML users and groups instead.
</Info>

## Next steps

* Navigate to the [Organization Access Policies](https://console.coreweave.com/object-storage/access-policies) page in the Cloud Console to create an organization access policy.
* Learn more about creating [organization access policies](/products/storage/object-storage/auth-access/organization-policies/manage).