Attach and detach policies for Amazon Web Services (AWS) identities

This article describes how you can attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities using the Remediation dashboard.

Note

To view the Remediation tab, your must have Viewer, Controller, or Administrator permissions. To make changes on this tab, you must have Controller or Administrator permissions. If you don't have these permissions, contact your system administrator.

View permissions

  1. On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.

  2. From the Authorization System Type dropdown, select AWS.

  3. From the Authorization System dropdown, select the accounts you want to access.

  4. From the Search For dropdown, select Group, User, or Role.

  5. To search for more parameters, you can make a selection from the User States, Permission Creep Index, and Task Usage dropdowns.

  6. Select Apply. Permissions Management displays a list of users, roles, or groups that match your criteria.

  7. In Enter a username, enter or select a user.

  8. In Enter a group name, enter or select a group, then select Apply.

  9. Make a selection from the results list.

    The table displays the related Username Domain/Account, Source and Policy Name.

Attach policies

  1. On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
  2. From the Authorization System Type dropdown, select AWS.
  3. In Enter a username, enter or select a user.
  4. In Enter a Group Name, enter or select a group, then select Apply.
  5. Make a selection from the results list.
  6. To attach a policy, select Attach Policies.
  7. In the Attach Policies page, from the Available policies list, select the plus sign (+) to move the policy to the Selected policies list.
  8. When you have finished adding policies, select Submit.
  9. When the following message displays: Are you sure you want to change permission?, select:
    • Generate Script to generate a script where you can manually add/remove the permissions you selected.
    • Execute to change the permission.
    • Close to cancel the action.

Detach policies

  1. On the Permissions Management Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
  2. From the Authorization System Type dropdown, select AWS.
  3. In Enter a username, enter or select a user.
  4. In Enter a Group Name, enter or select a group, then select Apply.
  5. Make a selection from the results list.
  6. To remove a policy, select Detach Policies.
  7. In the Detach Policies page, from the Available policies list, select the plus sign (+) to move the policy to the Selected policies list.
  8. When you have finished selecting policies, select Submit.
  9. When the following message displays: Are you sure you want to change permission?, select:
    • Generate Script to generate a script where you can manually add/remove the permissions you selected.
    • Execute to change the permission.
    • Close to cancel the action.

Next steps