Permissions of an IAM User Group
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | iam-group-has-permission-check |
| Identifier | Permissions of an IAM User Group |
| Description | If an IAM user group has no permissions assigned, the check result is non-compliant. |
| Tag | iam |
| Trigger Type | Configuration change |
| Filter Type | iam.groups |
| Rule Parameters | None |
Application Scenarios
As an administrator, you can create user groups and grant them permissions using policies or roles. Users added to a user group inherit the group's permissions. If no permissions are assigned to an IAM user group, its users inherit no permissions from it. You are advised to periodically check for and delete invalid IAM user groups to improve operations and management efficiency.
Solution
- If a user group is no longer needed, delete the user group.
- If a user group needs permissions based on specific use cases, assign it permissions.
Rule Logic
- If an IAM user group does not have any permissions, the check result is non-compliant.
- If an IAM user group has permissions assigned, the check result is compliant.