Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ User Guide/ Access Analyzer/ Setting Access Analyzers/ Setting a Delegated Administrator to Manage Analyzers
Updated on 2025-11-07 GMT+08:00
View PDF
Share

Setting a Delegated Administrator to Manage Analyzers

If you need to configure an access analyzer for your organization, you can delegate administration to a member account in your organization to extend the ability to create and manage access analyzers.

If you have added a delegated administrator, you can also change it. After the change, the original delegated administrator loses permission to create and manage access analyzers. The organization-level analyzer will be disabled and no longer generate or update any findings. The previously generated findings cannot be accessed. If you need to access the findings or use the analyzers, you can delegate administration to this member account again. If you will not delegate administration to this member account again, you are advised to delete its organization-level access analyzer before delegating administration to another member account.

After a new delegated administrator creates a new access analyzer, the new analyzer generates the same findings. You can continue to access the findings as the organization administrator.

After a delegated administrator is removed, its organization-level analyzer will be disabled and all generated findings cannot be accessed.

Constraints

  • Only the organization administrator can create, remove, or change the delegated administrator.
  • Only one delegated administrator can be added.

Adding a Delegated Administrator

  1. Log in to the new IAM console.
  2. In the navigation pane, choose Access Analyzer > Analyzers Settings and click Add Delegated Administrator.

    Figure 1 Adding a delegated administrator

  3. In the displayed dialog box, enter the delegated administrator account ID.

    Figure 2 Entering the delegated administrator account ID

  4. Click OK.

Removing a Delegated Administrator

  1. Log in to the new IAM console.
  2. In the navigation pane, choose Access Analyzer > Analyzers Settings.
  3. On the Analyzers page, click on the right of the delegated administrator account ID.

    Figure 3 Removing a delegated administrator

  4. In the displayed dialog box, confirm the deletion and enter DELETE.

    Figure 4 Confirming the deletion

  5. Click OK.
Parent topic: Setting Access Analyzers