Federated access and LakeFormation tag-based access best practice

0

Hi, We are working on the project where ActiveDirectory users get a federated access to the AWS. I would like to ask about the best practices for how to set up federation and the Tag based access control for users that they can benefit from the flexible permissions. The scenario is: In AD we have users in the group Sales. They get federated access and mapped to the AWS role AWSReservedSSO_AWSSales etc. We give corresponding permissions to this role to the LF tag sales. Then one of the AD users needs to access Marketing domain and he gets added to the new AD group. In AWS he is still federated as the Sales role and so he can't see the data tagged as marketing. What are the options rather than creating a new AWS Role and map that user to the new AWS role which will have a new tag added (..._AWSSalesMarketing) role)

Denys
已提問 9 個月前檢視次數 119 次
沒有答案

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南