PrepAway - Latest Free Exam Questions & Answers

7 Comments on “Using Amazon IAM, can I give permission based on organizational groups?

  1. crumplecrap says:

    I am not 100% on this one, as organizational groups makes me think of Active Directory or a group mailbox. As groups can not be added to other groups it makes me think the answer is NO.

    If they intend a group to mean an IAM group, of course you can add permissions there.

    Practically thinking, it seems like the question is about a scenario where you have a request to grant a user right to all members of the HR department.




    0



    1
  2. Duck bro says:

    C
    http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html
    An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and should have administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user’s permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups. Note that a group is not truly an identity because it cannot be identified as a Principal in an access policy. It is only a way to attach policies to multiple users at one time.




    2



    0

Leave a Reply

Your email address will not be published. Required fields are marked *