From f96d4cf7d37082d2d5ccb8df619033499f684d05 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Tue, 2 Mar 2021 17:02:29 -0800
Subject: [PATCH] fix: do not deny admins to change other passwords

fixes a regression from #11680
---
 cmd/admin-handlers-users.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go
index 3341738a8..a932ae809 100644
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@@ -399,7 +399,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
 			AccountName:     parentUser,
 			Action:          iampolicy.CreateUserAdminAction,
 			ConditionValues: getConditionValues(r, "", parentUser, claims),
-			IsOwner:         false,
+			IsOwner:         owner,
 			Claims:          claims,
 		}) {
 			writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
@@ -411,7 +411,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
 		AccountName:     accessKey,
 		Action:          iampolicy.CreateUserAdminAction,
 		ConditionValues: getConditionValues(r, "", accessKey, claims),
-		IsOwner:         false,
+		IsOwner:         owner,
 		Claims:          claims,
 		DenyOnly:        true, // check if changing password is explicitly denied.
 	}) {