Updated on 2025-05-22 GMT+08:00

SEC03-03 Regularly Reviewing Permissions

Periodically review and update permissions to prevent permission creep and consistently remove unnecessary permissions.

  • Risk level

    High

  • Key strategies
    • Use IAM user groups to manage access permissions, and configure expiration times for temporary permissions.
    • Promptly adjust the permissions granted to a user group when its job functions or responsibilities change.
    • When delegating an account to another account, ensure an expiration time is configured for the delegation.
    • Monitor the last login time of IAM users to identify accounts that have been inactive for an extended period. For such accounts, manage their identity credentials and permissions in a timely manner.
  • Related cloud services and tools

    IAM