Questions tagged [identity-management]

broad term used for authentication and authorization systems

This term is broadly used to cover issues such as how users are given an identity, the protection of that identity, and the technologies supporting that protection (e.g., network protocols, digital certificates, and passwords).

286 questions
1 vote, 1 answer

Do the policies attached to IAM groups take precedence over the policies attached to individual IAM users?

I have a question: let's assume I attached the IAM policy "EC2FullAccess" to a user and then added that specific user to a group, but that group doesn't have the "EC2FullAccess" policy. Will he still be able to access EC2?
1 vote, 1 answer

How to retrieve the Lambda caller identity (Lambda ARN, IAM role, ...) in a Lambda-to-Lambda communication

I have a scenario with Lambdas (many/caller) to Lambda (one) communication using the AWS Invoke() API call where I need to identify the caller Lambda. Which information could be used to get the Lambda caller? I cannot rely on the event data as for…
1 vote, 2 answers

Is there any IAM solution which doesn't use a per-user pricing schema?

I did some research on IAM tools and it seems that most of them use per-active-user fees for their pricing schema, and I found it so costly for large numbers of users. Is there any product or tool that uses a different pricing schema? I…
MohAli
1 vote, 0 answers

Sample SOAP Request for Oracle Flexcube FCUBSSMService

I am looking to automate user provisioning for Oracle Flexcube through APIs using the FCUBSSMService SOAP service; however, due to lack of knowledge on Oracle, I am having challenges in identifying the correct SOAP service request from the available…
hhm21
1 vote, 0 answers

How to enforce Keycloak policies with KrakenD

We want to protect KrakenD endpoints by using the Keycloak policies. From the Keycloak documentation (here) it's possible by using the adapters, but there is none for Go. If KrakenD cannot do this, please advise a tool that does. Thanks
holyris
1 vote, 0 answers

Using multiple conditions in IAM policy

I am trying to give two conditions, StringEquals and ArnEquals. The StringEquals block is working whereas the ArnEquals block is failing, even after I gave the correct federated user of mine. I am unable to start the build. Here is what I am trying. I am…
preethi
1 vote, 0 answers

BigQuery: How to set IAM condition to delete table (using CEL?)

In Google BigQuery, I want to restrict an assigned role for the table delete action, so that users can only delete tables they created themselves. I assume that it's (only?) possible with the Condition Editor using CEL expressions (see…
1 vote, 0 answers

Automatic review and analysis of AWS Identity Center managed users and groups for permissions granted

I want to use something like IAM analyzer but with more detailed analysis for the permissions review process. Also, we have moved out of IAM completely and are now using SSO or Okta to manage our users and policy grants (hence IAM analyzer only able…
1 vote, 1 answer

AWS Secrets Resource Policy Wildcard Generalization

I am trying to generalize a resource policy for an AWS secret that multiple Lambdas will grab from (project based). Currently what I have below works { "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Principal" : { …
1 vote, 0 answers

Dataproc Cluster create error: required 'compute.subnetworks.use' permission

I am in a Google Cloud service project which is attached to a host subnet. I have verified that it's possible to use the subnet to make simple Compute Engine VMs. However, when I attempt to create a Dataproc cluster I am unable to. I can confirm…
1 vote, 3 answers

Issue when running terraform: Error: updating Auto Scaling Group XXX: AccessDenied: You are not authorized to use launch template: XXX

I have picked up a piece of work started by a contractor who has since left, and I was told the pipeline was working, but when I run it I get this error: ╷ │ Error: updating Auto Scaling Group (XXX): AccessDenied: You are not authorized to use…
1 vote, 0 answers

kmsPermission Denied to insert a GCE Disk

I am getting the below-mentioned error while executing the Terraform code for GCP resource notebook-runtime creation. Basically, the notebook disk is not getting created due to some KMS error, which in turn is causing the notebook to be not…
1 vote, 1 answer

Permissions for access to BigQuery Project-Id

When we're working on different projects in BigQuery, we're changing project-id from the top panel. We need to get "BigQuery Admin" permission so we can make this choice from above, but we want to keep these permissions to a minimum, so what can we…
1 vote, 0 answers

Is it possible to assign a role to an Azure Active Directory B2C application to a SignalR service?

I was trying to assign permission to an application created in the AAD B2C service in my SignalR service. I followed those steps on the Microsoft doc, but I see they are using a default AD…