AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A software development company is deploying an application in AWS and has a development team with varying access requirements. Some developers need read-only access to certain resources, while others require full administrative access to different services. The company anticipates rapid team expansion and wants to manage permissions in a scalable and organized manner without over-provisioning access. What is the most effective way to implement a flexible authorization model to satisfy these needs?
You selected this option
Grant all users full access to resources to simplify management.
You selected this option
Create roles for each permission set and have users assume these roles when needed.
You selected this option
Attach the necessary permissions directly to each individual user account.
You selected this option
Organize users into groups based on permissions and assign policies to the groups.
Organizing users into groups based on their access requirements and attaching appropriate policies to these groups is the most effective approach. This method implements a role based access control (RBAC) which allows for centralized permission management, making it easier to assign or revoke access as team members join or leave. It also reduces the complexity of managing individual permissions for each user and minimizes the risk of granting unnecessary privileges. Attaching permissions directly to individual user accounts is not scalable as the team grows. Using roles for each permission set is more suitable for temporary or cross-account access rather than managing team permissions. Granting all users full access goes against the principle of least privilege and poses security risks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is role-based access control (RBAC)?
Open an interactive chat with Bash
Why is it not scalable to attach permissions directly to individual user accounts?
Open an interactive chat with Bash
What are the security risks of granting all users full access to resources?