You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your idea related to a problem? Please describe.
In data.all , consumption role in an environment. Consumption roles when registered, data.all creates a managed policy for the consumption role and if the role is data.all managed then data.all attaches the policy to the consumption role.
We have few roles which have super user permissions or are managed by the users themselves. They do not want data.all to manage the IAM policies for that role.
Describe the solution you'd like
While importing a consumption role, add another check "Allow without policies" ( or some other name ) with which user can onboard a consumption role and use it as a part of share.
When the share is approved, the bucket, KMS , LF , etc will be modified but the consumption role won't be attached any policy as well as a policy won't be created. This policy creation and attachment will be done by the requestor
P.S. Don't attach files. Please, prefer add code snippets directly in the message body.
The text was updated successfully, but these errors were encountered:
Is your idea related to a problem? Please describe.
In data.all , consumption role in an environment. Consumption roles when registered, data.all creates a managed policy for the consumption role and if the role is data.all managed then data.all attaches the policy to the consumption role.
We have few roles which have super user permissions or are managed by the users themselves. They do not want data.all to manage the IAM policies for that role.
Describe the solution you'd like
While importing a consumption role, add another check "Allow without policies" ( or some other name ) with which user can onboard a consumption role and use it as a part of share.
When the share is approved, the bucket, KMS , LF , etc will be modified but the consumption role won't be attached any policy as well as a policy won't be created. This policy creation and attachment will be done by the requestor
P.S. Don't attach files. Please, prefer add code snippets directly in the message body.
The text was updated successfully, but these errors were encountered: