Changing Permissions for an IAM User (part 2)

 







To read part 1, please click here




Changing Permissions for a User (console)

The following methods will help you in achieving the said goal-

Editing a permissions policy attached to a user 

  1. First of all, sign-in to the AWS Management Console and open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users in the navigation pane.
  3. Select the user name whose permissions policy you want to modify.
  4. Now you can click the Permissions tab, and open the Permissions policies section if necessary.
  5. Select the policy name required to be edited to see all the details about the policy and then Used as tab to have a look at the other entities that might be affected after the change.
  6. After that, you can choose the Permissions tab to review the permissions granted by the policy and the Edit policy.
  7. Edit the policy via the Visual editor tab or the JSON tab and resolve any policy validation recommendations.
  8. Lastly, you have to choose Review policy, to review the policy summary, and then Save changes.
Changing the permissions boundary for a user
  1. As done before, you have to sign-in to the AWS Management Console and open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users in the navigation pane.
  3. Select the user name whose permissions boundary you have to change.
  4. Now you can click the Permissions tab. Open the Permissions boundary section (if necessary), and then Change boundary.
  5. Select the policy required to be used for the permissions boundary.
  6. Choose Change boundary.

Removing Permissions Policy from a User (console)

  1. Sign-in to the AWS Management Console and open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users in the navigation pane.
  3. Select the user name whose permissions boundary you want to remove.
  4. Now you can click the Permissions tab.
  5. If the permissions are revoked by removing an existing policy, then, you have view the Policy type to understand better before actually choosing X to remove the policy.
  • However, if the policy applies via a group membership, then, selecting X will also remove the user from the group along with the access to all the policies received from that particular group membership.
  • Whereas, if it's a managed policy directly attached to the user, then, choosing X will simply detach the policy from the user without affecting the policy or any other entity attached to the policy.
  • But, if it's an inline embedded policy, then, choosing X will remove from IAM as these policies are exist only on that user. 

Removing Permissions Boundary from a User (console)

  1. Sign-in to the AWS Management Console and open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users in the navigation pane.
  3. Select the user name whose permissions boundary you want to remove.
  4. Now you can click the Permissions tab. You can also open the Permissions boundary section and Remove boundary if necessary. 
  5. Finally, you can choose Remove to confirm the removal of the permissions boundary.

Adding & Removing a User's Permissions (AWS CLI or AWS API)

In order to add or remove permissions programmatically, you have to add or remove group memberships, attach or detach the managed policies, or add or delete the inline polices. 








To read part 1, please click here










































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)