Fix IAM defaults and s3tables identities

weed/s3api/s3tables/permissions.go

@@ -208,6 +208,10 @@ func hasIdentityPermission(operation string, ctx *PolicyContext) bool {
 		candidates = append(candidates, operation+":"+ctx.TableBucketName, fullAction+":"+ctx.TableBucketName)
 	}
 	for _, action := range ctx.IdentityActions {
+		// Legacy static identities may still use broad admin markers.
+		if action == "*" || action == "Admin" || action == string(s3_constants.ACTION_ADMIN) || action == "s3:*" || action == "s3tables:*" {
+			return true
+		}
 		for _, candidate := range candidates {
 			if action == candidate {
 				return true