Help Center> IoT Device Access> FAQs> Solution Consulting> Why Was I Prompted to Grant Security Administrator Permissions When I Create a Rule or Set Resource File Storage?
View PDF

Why Was I Prompted to Grant Security Administrator Permissions When I Create a Rule or Set Resource File Storage?

This is because the Identity and Access Management (IAM) user that you are using is not granted with the required management permissions. Use the administrator account to perform one of the following methods to grant permissions to the IAM user.

Method 1 (recommended): Create a custom policy (that allows agency creation, role query, and more) and attach it to the user group to which the IAM user belongs.

  1. Log in to the IAM console, choose Permissions in the left navigation pane, and click Create Custom Policy in the upper right corner.

    • Policy Name: Enter a policy name.
    • Scope: Select Global services.
    • Policy View: Select JSON.
    • Policy Content: Set this parameter as follows: 
      {
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "iam:agencies:createAgency",
                "iam:agencies:listAgencies",
                "iam:agencies:getAgency",
                "iam:permissions:listRolesForAgencyOnDomain",
                "iam:permissions:listRolesForAgencyOnProject",
                "iam:permissions:grantRoleToAgencyOnProject",
                "iam:permissions:revokeRoleFromAgencyOnProject",
                "iam:permissions:grantRoleToAgencyOnDomain",
                "iam:permissions:revokeRoleFromAgencyOnDomain",
                "iam:permissions:checkRoleForAgencyOnProject",
                "iam:permissions:checkRoleForAgencyOnDomain",
                "iam:roles:createRole",
                "iam:roles:listRoles",
                "iam:roles:getRole"
            ],
            "Effect": "Allow"
        }
    ]
}
  2. Choose User Groups in the left navigation pane and click the target user group.
  3. Choose the Permissions tab, click Assign Permissions, and attach the created policy to the user group.

Method 2: Grant the Security Administrator permissions to the user group to which the IAM user belongs.

  1. Log in to the IAM console, choose User Groups in the left navigation pane, and click the target user group.
  2. Click the Permissions tab, click Assign Permissions, and select the Security Administrator role.

    Note: Users with the Security Administrator permissions can perform all actions such as agency, role, and user management. Exercise caution when assigning the permissions.

Parent topic: Solution Consulting