2 個答案
- 最新
- 最多得票
- 最多評論
0
Hello.
You must operate with an IAM Identity Center administrative account and assign the necessary permissions.
https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetcustom.html
Alternatively, IAM Identity Center administration can be delegated to a specific member account.
In that case, it will be possible to operate the IAM Identity Center from a delegated member account and assign privileges.
https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetcustom.html
0
Thanks Riku. 1 I can't set policies for SSO users like in IAM anymore, right? 2 May I grant ReadOnly to all SSO users, create IAM role, let SSO user assume role when they need?
已回答 9 個月前
相關內容
- 已提問 1 年前
- 已提問 6 個月前
AWS 官方已更新 1 年前- AWS 官方已更新 3 年前
- AWS 官方已更新 6 個月前
It cannot be operated from the IAM screen. Attach IAM policies in the IAM Identity Center permission set.
Do you want to set a set of permissions for a user with a ReadOnly policy? SSO users can be assigned multiple sets of privileges. For example, if an SSO user is assigned the ReadOnly permission set and the PowerUser permission set, the user can switch between the two permission sets when necessary.