IAM 用户能否向其他用户授予他不拥有的资源的权限?
Can an IAM user give permissions to another user on a resource he does not own?
如果 IAMuser1 创建了一个 s3 存储桶,他就是该存储桶的所有者。如果 IAMuser2 创建另一个 IAMUser3,他能否将基于身份的策略附加到 IAMuser3 以授予对 IAMuser1 创建的 s3 存储桶的访问权限?
Q: Can an IAM user give permissions to another user on a resource he does not own?
答:是的。 IAM 用户不拥有该资源。它是 IAM 用户所属的根 AWS 账户拥有资源。
Q: If IAMuser1 creates an S3 bucket, he is the owner of the bucket.
A: The "owner" of a bucket or an object in a bucket is not an individual IAM user, but rather the AWS account to which that user belongs.
Q: If IAMuser2 creates another IAMUser3, can he (IAMuser2) attach an identity based policy to IAMuser3 giving access to the S3 bucket created by IAMuser1?
A:这取决于 IAMuser2 拥有的 IAM 权限。为了授予 IAMuser3 访问由 IAMuser1 创建的 S3 存储桶的权限,IAMuser2 需要 PutUserPolicy 或 AttachUserPolicy IAMuser3 IAM 用户资源。
如果 IAMuser1 创建了一个 s3 存储桶,他就是该存储桶的所有者。如果 IAMuser2 创建另一个 IAMUser3,他能否将基于身份的策略附加到 IAMuser3 以授予对 IAMuser1 创建的 s3 存储桶的访问权限?
Q: Can an IAM user give permissions to another user on a resource he does not own?
答:是的。 IAM 用户不拥有该资源。它是 IAM 用户所属的根 AWS 账户拥有资源。
Q: If
IAMuser1creates an S3 bucket, he is the owner of the bucket.
A: The "owner" of a bucket or an object in a bucket is not an individual IAM user, but rather the AWS account to which that user belongs.
Q: If
IAMuser2creates anotherIAMUser3, can he (IAMuser2) attach an identity based policy toIAMuser3giving access to the S3 bucket created byIAMuser1?
A:这取决于 IAMuser2 拥有的 IAM 权限。为了授予 IAMuser3 访问由 IAMuser1 创建的 S3 存储桶的权限,IAMuser2 需要 PutUserPolicy 或 AttachUserPolicy IAMuser3 IAM 用户资源。