AWS connect documentation change
Summary
Restructured permissions section to emphasize explicit grants for third-party apps
Security assessment
Improves clarity on security best practices for third-party app permissions. No evidence of addressing a specific security vulnerability.
Diff
diff --git a/connect/latest/adminguide/3p-apps-events-requests.md b/connect/latest/adminguide/3p-apps-events-requests.md index 333ed0e75..8b03cd0de 100644 --- a//connect/latest/adminguide/3p-apps-events-requests.md +++ b//connect/latest/adminguide/3p-apps-events-requests.md @@ -5,2 +4,0 @@ -App permissions - @@ -9 +7 @@ App permissions -## App permissions +This topic lists the permissions you must explicitly give to third party applications to access Amazon Connect data. @@ -13 +11,5 @@ App permissions -If you are a developer, review how to create applications that react to events [here](https://docs.aws.amazon.com/agentworkspace/latest/devguide/integrate-with-agent-data.html). +If you are a developer, review how to create applications that react to events: [Integrate application with Amazon Connect Agent Workspace agent data](https://docs.aws.amazon.com/agentworkspace/latest/devguide/integrate-with-agent-data.html). + +When you onboard third-party applications by using the API or the onboarding UI in the AWS Management Console, you must explicitly give third-party applications permissions to Amazon Connect data. You can also edit the permissions on an existing app. + +To understand the effects of assigning a particular permission, review the following permissions, description, and corresponding requests and events. @@ -15 +17 @@ If you are a developer, review how to create applications that react to events [ -When you onboard the applications by using the API or the onboarding UI in the AWS Console, you must explicitly give third-party applications permissions to Amazon Connect data. You can also edit the permissions on an existing app. +For example, if you assign the permission `User.Details.View` to the application, then it will have the ability to make the following requests: `agent.getName` and `agent.getARN`. If your app attempts to subscribe to an event or make a request for data that it does not have permission for, your app may not function as intended. @@ -17 +19 @@ When you onboard the applications by using the API or the onboarding UI in the A -To understand the effects of assigning a particular permission, please review the below permissions, description, and corresponding requests and events. As an example: If you assign the permission `User.Details.View` to the application, then it will have the ability to make the following requests: `agent.getName` and `agent.getARN`. If your app attempts to subscribe to an event or make a request for data that it does not have permission for, your app may not function as intended. To learn more about each request and event, see the [API Reference](https://docs.aws.amazon.com/agentworkspace/latest/devguide/api-reference-3p-apps-events-and-requests.html.html). +To learn more about each request and event, see the [API Reference](https://docs.aws.amazon.com/agentworkspace/latest/devguide/api-reference-3p-apps-events-and-requests.html.html).