AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A Solutions Architect needs to implement an authorization strategy that allows efficient permission updates for users based on their job functions in a cloud environment. Given the need for individualized access rights and scalable updates to access patterns, which method should be chosen?
You selected this option
Apply service control policies directly to user accounts to grant necessary permissions based on their job roles.
You selected this option
Create a single role that encompasses all permissions for different job functions and grant users the ability to assume this role based on their needs.
You selected this option
Implement individual policies for each user, customizing access permissions according to the specific needs and job functions.
You selected this option
Utilize groups to represent different job functions and attach policies defining the access permissions to these groups. All users are then assigned to the appropriate groups based on their job function.
The most efficient way to manage permissions for multiple users who share common job functions is by using groups. When a permissions update for a job function is needed, making a single change to the group policy will automatically propagate to all users in that group. Attaching permissions directly to each user is not scalable and makes it difficult to manage when there are changes in common access patterns. Utilizing a single role for all users would go against individualized access rights and does not support scalable permission updates. Service control policies apply to accounts within an AWS Organization and not to individual user accounts; hence, they are not suitable for managing individualized permissions within a single account.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are IAM groups in AWS and how do they function?
Open an interactive chat with Bash
What is the significance of policy updates in IAM groups?
Open an interactive chat with Bash
What are individual policies and why are they less efficient than group policies?