> ## Documentation Index
> Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How do I give someone Object Storage access without admin privileges?

Object Storage access uses a different permission model than the rest of CoreWeave IAM. The IAM `Object Storage Admin` role only governs the control plane (managing buckets, keys, and policies through the `cwobject:` API). It does not grant S3 data-plane access. To give a user read or write access to objects, create an [Object Storage organization access policy](/products/storage/object-storage/auth-access/organization-policies/about) that grants specific `s3:` actions (for example, `s3:GetObject`, `s3:ListBucket`) on the resources they need, and add the user as the principal. For bucket-specific rules, layer a bucket access policy on top.

Do not attach the `Object Storage Admin` IAM role to a user you intend to keep read-only or scoped. Organization access policies accept individual user UIDs or SAML users and groups, not CoreWeave IAM groups.

For full details, see [Object Storage policies](/products/storage/object-storage/auth-access/policies) and [Organization access policies](/products/storage/object-storage/auth-access/organization-policies/about). For example policies, see [Policy examples](/products/storage/object-storage/auth-access/organization-policies/examples).

***

<Badge stroke shape="pill" color="blue" size="md">[Administrator](/support/storage/tags/administrator)</Badge><Badge stroke shape="pill" color="blue" size="md">[Authentication & Access](/support/storage/tags/authentication-access)</Badge>
