{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "admin",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::user/example_core",
          "arn:aws:iam:::user/allocation_owner@uab.edu"
        ]
      },
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::bucket",
        "arn:aws:s3:::bucket/*"
      ]
    },
    {
      "Sid": "data-manager",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::user/blazerid@uab.edu"
        ]
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:GetBucketPolicy",
        "s3:PutBucketPolicy"
      ],
      "Resource": [
        "arn:aws:s3:::bucket",
        "arn:aws:s3:::bucket/*"
      ]
    },
    {
      "Sid": "base-user-list-read-all",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::user/user_1@uab.edu",
          "arn:aws:iam:::user/user_2@uab.edu"
        ]
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket",
        "arn:aws:s3:::bucket/*"
      ]
    },
    {
      "Sid": "user1-put-delete-owned-objects",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::user/user_1@uab.edu"
        ]
      },
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket/user_1",
        "arn:aws:s3:::bucket/user_1/*"
      ]
    },
    {
      "Sid": "user2-put-delete-owned-objects",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam:::user/user_2@uab.edu"
        ]
      },
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket/user_2",
        "arn:aws:s3:::bucket/user_2/*"
      ]
    }
  ]
}