Hmm… this should work, but I do have a concern about it based on my experience with AWS. Maybe this is different with MinIO, though.
In AWS, S3 bucket names are globally unique. Not just to your AWS account, but across ALL S3 buckets, period. So let’s say you have a username of “test” and use that policy. If that user attempts to create a bucket and that bucket name is taken, well, that user is out of luck.
Obviously, if MinIO doesn’t require globally unique bucket names, you’re probably fine, but otherwise this could realistically become a problem.