Topic 1 Question 216
A company has teams that have different job roles and responsibilities. The company’s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.
Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?
IAM user groups
IAM roles
IAM instance profiles
IAM policies for individual users
ユーザの投票
コメント(17)
- 正解だと思う選択肢: A
IAM user groups allow you to group users with similar job roles or responsibilities together. Instead of managing individual user permissions, you can assign IAM policies to these groups. When an employee changes teams or job roles, you can simply add or remove them from relevant user groups, and the permissions associated with the group will be applied automatically to the user.
👍 14Rinkans2023/11/28 - 正解だと思う選択肢: B
IAM roles are the most suitable resource for managing permissions in a scenario where employees frequently change teams and have different job roles and responsibilities. IAM roles allow you to define a set of permissions and policies and then assign those roles to users or AWS services as needed. This way, you can grant temporary access based on the user's current job responsibilities, and the users do not have to be directly assigned specific permissions.
IAM user groups (option A) are typically used to simplify the management of permissions for sets of users who share common job responsibilities. However, roles provide more flexibility in dynamic scenarios where users move between teams.
👍 8salthehash2023/12/19 - 正解だと思う選択肢: B
IAM Roles, the official course suggest it
👍 6stoy1232024/02/05
シャッフルモード