使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

How to limit access to specific Identity Center groups?

0

I have multiple groups in my default Identity Center directory. I want members of a specific group manage users of other groups except a couple of administrator-managed groups. Simple use case is to "Allow team leaders manage limited number of teams by adding/removing users" sso-directory does not support (have) any ARNs and does not have any specific Conditions. Global conditions does not allow to filter by resource ARN or, in my case, group_id. Tags cannot be added to Identity Center groups to allow for aws:ResourceTag/... filtering.

Are there any feasible way to resolve my use-case?

主題
安全性、身分識別與合規管理與治理
標籤
安全性、身分識別與合規AWS Identity and Access ManagementAWS Account Management
語言
English
Maksym
已提問 1 個月前檢視次數 172 次
1 個回答
0
已接受的答案

Hello.

As stated in the document below, there are no condition keys, so I don't think it is currently possible to manage only specific groups.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycentersuccessortoawssinglesign-ondirectory.html

profile picture
專家
Riku_Kobayashi
已回答 1 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容