...
Along the lines of the administrative override, Gateway provides a mechanism for accessing a storage domain by bypassing either the domain's IDSYS or a bucket's Policy.
In order to bypass the storage domain's IDSYS in favor of the root IDSYS, the The user name for the request uses the form: user + "@". For example "psmith@" to bypass the storage domain's IDSYS in favor of the root IDSYS. Requests performed using user names in the form "user@" are still subject to the domain and bucket Policy. Logins in this form only affect the authentication source for users.
In order to bypass a bucket's Policy, the The user name for the request uses the form: "!" + user, such as "!psmith" or "!psmith@other.com" to bypass a bucket's Policy. Requests of this form are authenticated using a domain IDSYS and are still subject to the domain Policy. This form of login can be used by the domain administrator to modify a the bucket Policy for another user's bucket. Notice this override also works when the domain owner is from another tenant domain.
...