Allow consumption roles to be used in shares with data.all not creating / managing policies for that role #1613
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Is your idea related to a problem? Please describe.
In data.all , consumption role in an environment. Consumption roles when registered, data.all creates a managed policy for the consumption role and if the role is data.all managed then data.all attaches the policy to the consumption role.
We have few roles which have super user permissions or are managed by the users themselves. They do not want data.all to manage the IAM policies for that role.
Describe the solution you'd like
While importing a consumption role, add another check "Allow without policies" ( or some other name ) with which user can onboard a consumption role and use it as a part of share.
When the share is approved, the bucket, KMS , LF , etc will be modified but the consumption role won't be attached any policy as well as a policy won't be created. This policy creation and attachment will be done by the requestor
P.S. Don't attach files. Please, prefer add code snippets directly in the message body.
The text was updated successfully, but these errors were encountered: