Troubleshooting permission set AministratorAccess

0

I have created two Identity Center users - Alan and nikki. I assign Alan to the Management Account, nikki to the account I created - Administration. I assigned AdministratorAccess permission set to both the users in the Management Account and Administration. When I logged in as Alan, I am able to create OU and everything just like root user. But when I logged in as nikki I am not able to create OU.

How do I troubleshoot why nikki is not able to create OU even though she has the same permission set AdministratorAccess as Alan?

1 Answer
0

Hello.

Are there any errors when trying to create an OU using "nikki"?
If a permission error occurs, you can check CloudTrail and see the error.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html

Also, is "nikki" signed into the correct AWS account?
Operations on Organizations OUs are performed using the Organizations root account.
https://docs.aws.amazon.com/organizations/latest/userguide/create_ou.html

profile picture
EXPERT
answered 3 months ago
  • Yes. I did sign in as nikki. "Operations on Organizations OUs are performed using the Organizations root account.". OK, that is why nikki can't create OU. i looked into CloudTrail and filter by user name "nikki", what evetname should I also filter to find out the errors? The eventnames for nikki are mostly CredentialChallenge, ListProfilesForApplication, Authenticate, Federate etc

  • Yes. I did sign in as nikki. "Operations on Organizations OUs are performed using the Organizations root account.". OK, that is why nikki can't create OU.

    "Alan" and "nikki" cannot create an OU unless they sign in to the same Organizations root AWS account.

    The eventnames for nikki are mostly CredentialChallenge, ListProfilesForApplication, Authenticate, Federate etc

    I think you need to look it up by event name.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions