diff --git a/Makefile b/Makefile index 946e786f90..f41ec2cdca 100644 --- a/Makefile +++ b/Makefile @@ -64,7 +64,7 @@ swagger-console: assets: @(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\ - cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..) + cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --log-level warn; cd ..) test-integration: @(docker stop pgsqlcontainer || true) diff --git a/web-app/package.json b/web-app/package.json index 5217f9ad45..2b04906c70 100644 --- a/web-app/package.json +++ b/web-app/package.json @@ -7,6 +7,7 @@ "dependencies": { "@reduxjs/toolkit": "^1.9.7", "clsx": "^2.1.1", + "dompurify": "^3.2.4", "http-status-codes": "^2.3.0", "kbar": "^0.1.0-beta.45", "local-storage-fallback": "^4.1.2", @@ -78,6 +79,7 @@ "@types/webpack-env": "^1.18.5", "babel-plugin-istanbul": "^6.1.1", "customize-cra": "^1.0.0", + "dompurify": "^3.2.4", "knip": "^5.27.2", "minio": "^8.0.1", "nyc": "^15.1.0", diff --git a/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts b/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts index f616d56ccd..5cd0ceacf9 100644 --- a/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts +++ b/web-app/src/common/SecureComponent/__tests__/accessControl.test.ts @@ -176,7 +176,7 @@ test("Can delete an object inside a bucket prefix", () => { "xref_cust_guid_actd-v1.jpg", "test/digitalinsights/xref_cust_guid_actd-v1.jpg", ], - [IAM_SCOPES.S3_DELETE_OBJECT], + [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS], ), ).toBe(true); }); 
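Review bot: `dompurify` is added twice with the same `^3.2.4` range, once under `dependencies` (first package.json hunk) and again under `devDependencies` (second hunk); one of the two entries is redundant. Keep the `dependencies` entry only if application code imports the package, which nothing in this diff does. If the aim is instead to lift a transitive copy to a newer release, a direct entry does not by itself override the range a parent package declares; a Yarn `resolutions` entry such as `"dompurify": "^3.2.4"` is the mechanism for that. The lockfile is not part of the visible diff, so the version that actually gets installed cannot be confirmed from here.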
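Review bot: Neither delete test shows that the wildcard on its own changes the outcome; both this hunk and the one at line 186 simply pass the pair `[IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS]` where `[IAM_SCOPES.S3_DELETE_OBJECT]` stood before. The fixture policy sits outside the hunks, so if it already grants `s3:DeleteObject` on the matching prefix, these assertions passed before the change and would keep passing if the `s3:Delete*` handling regressed. Add one case whose policy grants only `s3:Delete*` on the prefix and expects `true`, and one where `s3:Delete*` is granted on a different prefix and expects `false`. Both test bodies begin above their hunks.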
@@ -186,7 +186,7 @@ test("Can't delete an object inside a bucket prefix", () => { expect( hasPermission( ["xref_cust_guid_actd-v1.jpg", "test/xref_cust_guid_actd-v1.jpg"], - [IAM_SCOPES.S3_DELETE_OBJECT], + [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS], ), ).toBe(false); }); diff --git a/web-app/src/common/SecureComponent/permissions.ts b/web-app/src/common/SecureComponent/permissions.ts index 481b93f9d6..71d2afc1fa 100644 --- a/web-app/src/common/SecureComponent/permissions.ts +++ b/web-app/src/common/SecureComponent/permissions.ts @@ -30,6 +30,7 @@ export const IAM_SCOPES = { S3_PUT_OBJECT: "s3:PutObject", S3_GET_ACTIONS: "s3:Get*", S3_PUT_ACTIONS: "s3:Put*", + S3_DELETE_ACTIONS: "s3:Delete*", S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold", S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold", S3_DELETE_OBJECT: "s3:DeleteObject", @@ -197,6 +198,7 @@ export const IAM_PERMISSIONS = { IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS, IAM_SCOPES.S3_DELETE_OBJECT, + IAM_SCOPES.S3_DELETE_ACTIONS, ], [IAM_ROLES.BUCKET_VIEWER]: [ IAM_SCOPES.S3_LIST_BUCKET, diff --git a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx index 98d929ad7b..f55990a589 100644 --- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx +++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx @@ -278,7 +278,7 @@ const ListObjects = () => { ]); const canDelete = hasPermission( [pathAsResourceInPolicy, ...sessionGrantWildCards], - [IAM_SCOPES.S3_DELETE_OBJECT], + [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS], ); const canUpload = hasPermission( 
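Review bot: `S3_DELETE_ACTIONS: "s3:Delete*"` in the first permissions.ts hunk should carry a comment on its intended use, because the pattern is wider than the object-delete checks this commit adds it to: it also matches bucket-level and version-level actions such as `s3:DeleteBucket` and `s3:DeleteObjectVersion`. Something like `// policy wildcard; accepted as an alternative to s3:DeleteObject, not a scope to require on its own` would do. In the second hunk the constant joins a role's scope list whose key lies above the hunk, so check that the role is an object-level one, as the neighbouring `S3_PUT_ACTIONS` entry suggests. These lists appear to decide only what the console renders; the delete request itself still has to be authorized by the server.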
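Review bot: The pair `[IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS]` is written out separately for the `canDelete` check in this hunk and for its tooltip in the hunk at line 912, and three more times in ObjectDetailPanel.tsx (hunks at lines 352, 649 and 665). A permission gate and the message that explains it should read the same list, otherwise a later edit to one leaves the tooltip naming scopes the check does not use. Define it once, for example `export const deleteObjectScopes = [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS];` next to `IAM_SCOPES` in permissions.ts, and pass that constant at all five sites. `ListObjects` starts and ends outside the hunk.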
@@ -912,7 +912,7 @@ const ListObjects = () => { tooltip: canDelete ? "Delete Selected Files" : permissionTooltipHelper( - [IAM_SCOPES.S3_DELETE_OBJECT], + [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS], "delete objects in this bucket", ), }, diff --git a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx index 52a222be00..335edb2400 100644 --- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx +++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx @@ -352,7 +352,7 @@ const ObjectDetailPanel = ({ ]); const canDelete = hasPermission( [bucketName, currentItem, [bucketName, actualInfo.name].join("/")], - [IAM_SCOPES.S3_DELETE_OBJECT], + [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS], ); let objectType: AllowedPreviews = previewObjectType(metaData, currentItem); @@ -649,7 +649,7 @@ const ObjectDetailPanel = ({ canDelete ? "" : permissionTooltipHelper( - [IAM_SCOPES.S3_DELETE_OBJECT], + [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS], "delete this object", ) } @@ -665,7 +665,10 @@ const ObjectDetailPanel = ({ currentItem, [bucketName, actualInfo.name].join("/"), ]} - scopes={[IAM_SCOPES.S3_DELETE_OBJECT]} + scopes={[ + IAM_SCOPES.S3_DELETE_OBJECT, + IAM_SCOPES.S3_DELETE_ACTIONS, + ]} errorProps={{ disabled: true }} >