diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
index 484a2945..79844911 100644
--- a/pkg/handlers/create.go
+++ b/pkg/handlers/create.go
@@ -66,7 +66,6 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 // Check service values and set defaults
 checkValues(&service, cfg)
-
 // Check if users in allowed_users have a MinIO associated user
 minIOAdminClient, _ := utils.MakeMinIOAdminClient(cfg)
@@ -98,6 +97,10 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 break
 }
 }
+ } else {
+ if len(cfg.OIDCGroups) != 0 {
+ c.String(http.StatusBadRequest, fmt.Sprintln("service must be part of one of the following VO: ", cfg.OIDCGroups))
+ }
 }
 if len(service.AllowedUsers) > 0 {
@@ -417,6 +420,26 @@ func createBuckets(service *types.Service, cfg *types.Config, minIOAdminClient *
 return fmt.Errorf("error creating bucket %s: %v", splitPath[0], err)
 }
 }
+ if !isUpdate {
+ if !isAdminUser {
+ if len(allowed_users) == 0 {
+ err = minIOAdminClient.AddServiceToAllUsersGroup(splitPath[0])
+ if err != nil {
+ return fmt.Errorf("error adding service %s to all users group: %v", splitPath[0], err)
+ }
+ } else {
+ err = minIOAdminClient.CreateServiceGroup(splitPath[0])
+ if err != nil {
+ return fmt.Errorf("error creating service group for bucket %s: %v", splitPath[0], err)
+ }
+
+ err = minIOAdminClient.UpdateUsersInGroup(allowed_users, splitPath[0], false)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ }
 // Create folder(s)
 if len(splitPath) == 2 {
 // Add "/" to the end of the key in order to create a folder
diff --git a/pkg/handlers/delete.go b/pkg/handlers/delete.go
index 2f453e4a..19d0e126 100644
--- a/pkg/handlers/delete.go
+++ b/pkg/handlers/delete.go
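Review bot: In pkg/handlers/create.go, the new `else` branch of MakeCreateHandler (hunk -98,6 +97,10) writes the 400 response with `c.String` but never returns, so execution falls through to the `if len(service.AllowedUsers) > 0 {` context line and the VO requirement is reported without being enforced. Add `return` directly after the `c.String(http.StatusBadRequest, ...)` call. The branch also reads more simply as `} else if len(cfg.OIDCGroups) != 0 {`. The `if` that this `else` belongs to starts outside the hunk, so the condition it guards is assumed to be the service's VO check.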
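Review bot: In createBuckets (pkg/handlers/create.go, hunk -417,6 +420,26), an empty `allowed_users` list sends the bucket to `AddServiceToAllUsersGroup`, so, judging by the method name, the least restrictive outcome is also the default one. That deserves a comment above the branch, such as `// empty allowed_users: the bucket is shared through the all-users group`, and callers should be checked to confirm that an omitted list is meant to be shared. The final call returns `err` bare while its siblings add context; `return fmt.Errorf("error updating users in group %s: %v", splitPath[0], err)` would match them, and the two outer conditions can be merged into `if !isUpdate && !isAdminUser {`. These steps run after the bucket has been created, and whether a failure here removes the bucket again is not visible in the hunk.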
@@ -74,6 +74,14 @@ func MakeDeleteHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true)
 }
+ if service.Mount.Path != "" {
+ path := strings.Trim(service.Mount.Path, " /")
+ // Split buckets and folders from path
+ bucket := strings.SplitN(path, "/", 2)
+ var users []string
+ minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true)
+ }
+
 // Disable input notifications
 if err := disableInputNotifications(service.GetMinIOWebhookARN(), service.Input, service.StorageProviders.MinIO[types.DefaultProvider]); err != nil {
 log.Printf("Error disabling MinIO input notifications for service \"%s\": %v\n", service.Name, err)
diff --git a/pkg/types/expose.go b/pkg/types/expose.go
index c812f5b0..0be38895 100644
--- a/pkg/types/expose.go
+++ b/pkg/types/expose.go
@@ -27,7 +27,6 @@ import (
 autos "k8s.io/api/autoscaling/v1"
 v1 "k8s.io/api/core/v1"
 net "k8s.io/api/networking/v1"
- "k8s.io/apimachinery/pkg/api/resource"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/intstr"
 "k8s.io/client-go/kubernetes"
@@ -53,7 +52,7 @@ An exposed service can be of to types:
 // CreateExpose creates all the kubernetes components
 func CreateExpose(service Service, kubeClientset kubernetes.Interface, cfg *Config) error {
- ExposeLogger.Printf("Creating exposed service: \n%v\n", service)
+ //ExposeLogger.Printf("Creating exposed service: \n%v\n", service)
 err := createDeployment(service, kubeClientset, cfg)
 if err != nil {
 return fmt.Errorf("error creating deployment for exposed service '%s': %v", service.Name, err)
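Review bot: In MakeDeleteHandler (pkg/handlers/delete.go), the added `minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true)` discards its return value, so a failed group cleanup on delete is silent and the group's access to the bucket may outlive the service. createBuckets in this same commit treats the method as returning an error, so check it here too: `if err := minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true); err != nil { log.Printf("Error removing MinIO group for bucket %q: %v\n", bucket[0], err) }`. A mount path made only of spaces and slashes trims to an empty string and leaves `bucket[0]` empty, so the call should be skipped in that case. The context line above the added block has the same unchecked call.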
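Review bot: In CreateExpose (pkg/types/expose.go, hunk -53,7 +52,7), the log call is commented out rather than removed, which leaves dead code behind with no reason recorded. If the motive was that `%v` prints the whole Service value (which may carry storage provider credentials, though the struct is not visible here), delete the line and log only the identifier: `ExposeLogger.Printf("Creating exposed service: %s\n", service.Name)`.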
@@ -254,11 +253,6 @@ func getPodTemplateSpec(service Service, cfg *Config) v1.PodTemplateSpec {
 ContainerPort: int32(service.Expose.APIPort),
 },
 }
- podSpec.Containers[i].Resources = v1.ResourceRequirements{
- Requests: v1.ResourceList{
- "cpu": *resource.NewMilliQuantity(500, resource.DecimalSI),
- },
- }
 podSpec.Containers[i].VolumeMounts[0].ReadOnly = false
 if service.Expose.DefaultCommand {
 podSpec.Containers[i].Command = nil
@@ -516,7 +510,7 @@ func getIngressSpec(service Service, kubeClientset kubernetes.Interface, cfg *Co
 }
 annotation := map[string]string{
 "nginx.ingress.kubernetes.io/rewrite-target": rewriteOption,
- "kubernetes.io/ingress.class": "nginx",
+ "spec.ingressClassName": "nginx",
 "nginx.ingress.kubernetes.io/use-regex": "true",
 }
 if service.Expose.SetAuth {
diff --git a/pkg/types/mount.go b/pkg/types/mount.go
index 1bfd0df2..4c2e5621 100644
--- a/pkg/types/mount.go
+++ b/pkg/types/mount.go
@@ -46,6 +46,7 @@ done`
 ephemeralVolumeMount = "/tmpfolder"
 )
+// SetMount Creates the sidecar container that mounts the source volume onto the pod volume
 func SetMount(podSpec *v1.PodSpec, service Service, cfg *Config) {
 podSpec.Containers = append(podSpec.Containers, sidecarPodSpec(service))
 termination := int64(5)
diff --git a/ui b/ui
index b64d9452..98de936c 160000
--- a/ui
+++ b/ui
@@ -1 +1 @@
-Subproject commit b64d94529ea18799faec87cfbd6030aa81af998a
+Subproject commit 98de936c5923d3b3ccaef500c1a92f35009bbf53
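Review bot: In getIngressSpec (pkg/types/expose.go, hunk -516,7 +510,7), `"spec.ingressClassName": "nginx"` is added as an annotation key, but `ingressClassName` is a field of the Ingress spec, and an annotation with that name is not something ingress controllers read. With the old `kubernetes.io/ingress.class` annotation gone, the Ingress carries no class at all. Which controller serves it, and therefore whether the `nginx.ingress.kubernetes.io/*` rewrite and auth annotations are honoured, then depends on cluster defaults. Drop the map entry and set the field where the `net.IngressSpec` is built, e.g. `ingressClass := "nginx"` and `IngressClassName: &ingressClass,`; that construction lies outside the hunk.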
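Review bot: In pkg/types/mount.go, the new doc comment on SetMount does not follow the Go doc-comment form, which starts with the name followed by a lower-case verb and ends with a period: `// SetMount adds the sidecar container that mounts the source volume onto the pod volume.` The visible body appends the container to `podSpec.Containers`, so "adds" describes it more precisely than "Creates". The rest of the function lies outside the hunk.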