AWS IAM documentation change
Summary
Updated example user names from 'JohnSmith', 'CarlosSalazar', 'MaryMajor', 'ZhangWei' to shorter forms 'John', 'Carlos', 'Mary', 'Zhang' in policy explanation examples
Security assessment
The changes are purely cosmetic updates to example names in documentation scenarios. No security-related content was modified or added.
Diff
diff --git a/IAM/latest/UserGuide/access_policies_identity-vs-resource.md b/IAM/latest/UserGuide/access_policies_identity-vs-resource.md index f9d448c55..9bf8e12f5 100644 --- a//IAM/latest/UserGuide/access_policies_identity-vs-resource.md +++ b//IAM/latest/UserGuide/access_policies_identity-vs-resource.md @@ -23 +23 @@ To learn how the policies interact across accounts, see [Cross-account policy ev -To better understand these concepts, view the following figure. The administrator of the `123456789012` account attached _identity-based policies_ to the `JohnSmith`, `CarlosSalazar`, and `MaryMajor` users. Some of the actions in these policies can be performed on specific resources. For example, the user `JohnSmith` can perform some actions on `Resource X`. This is a _resource-level permission_ in an identity-based policy. The administrator also added _resource-based policies_ to `Resource X`, `Resource Y`, and `Resource Z`. Resource-based policies allow you to specify who can access that resource. For example, the resource-based policy on `Resource X` allows the `JohnSmith` and `MaryMajor` users list and read access to the resource. +To better understand these concepts, view the following figure. The administrator of the `123456789012` account attached _identity-based policies_ to the `John`, `Carlos`, and `Mary` users. Some of the actions in these policies can be performed on specific resources. For example, the user `John` can perform some actions on `Resource X`. This is a _resource-level permission_ in an identity-based policy. The administrator also added _resource-based policies_ to `Resource X`, `Resource Y`, and `Resource Z`. Resource-based policies allow you to specify who can access that resource. For example, the resource-based policy on `Resource X` allows the `John` and `Mary` users list and read access to the resource. @@ -29 +29 @@ The `123456789012` account example allows the following users to perform the lis - * **JohnSmith** – John can perform list and read actions on `Resource X`. He is granted this permission by the identity-based policy on his user and the resource-based policy on `Resource X`. + * **John** – John can perform list and read actions on `Resource X`. He is granted this permission by the identity-based policy on his user and the resource-based policy on `Resource X`. @@ -31 +31 @@ The `123456789012` account example allows the following users to perform the lis - * **CarlosSalazar** – Carlos can perform list, read, and write actions on `Resource Y`, but is denied access to `Resource Z`. The identity-based policy on Carlos allows him to perform list and read actions on `Resource Y`. The `Resource Y` resource-based policy also allows him write permissions. However, although his identity-based policy allows him access to `Resource Z`, the `Resource Z` resource-based policy denies that access. An explicit `Deny` overrides an `Allow` and his access to `Resource Z` is denied. For more information, see [Policy evaluation logic](./reference_policies_evaluation-logic.html). + * **Carlos** – Carlos can perform list, read, and write actions on `Resource Y`, but is denied access to `Resource Z`. The identity-based policy on Carlos allows him to perform list and read actions on `Resource Y`. The `Resource Y` resource-based policy also allows him write permissions. However, although his identity-based policy allows him access to `Resource Z`, the `Resource Z` resource-based policy denies that access. An explicit `Deny` overrides an `Allow` and his access to `Resource Z` is denied. For more information, see [Policy evaluation logic](./reference_policies_evaluation-logic.html). @@ -33 +33 @@ The `123456789012` account example allows the following users to perform the lis - * **MaryMajor** – Mary can perform list, read, and write operations on `Resource X`, `Resource Y`, and `Resource Z`. Her identity-based policy allows her more actions on more resources than the resource-based policies, but none of them deny access. + * **Mary** – Mary can perform list, read, and write operations on `Resource X`, `Resource Y`, and `Resource Z`. Her identity-based policy allows her more actions on more resources than the resource-based policies, but none of them deny access. @@ -35 +35 @@ The `123456789012` account example allows the following users to perform the lis - * **ZhangWei** – Zhang has full access to `Resource Z`. Zhang has no identity-based policies, but the `Resource Z` resource-based policy allows him full access to the resource. Zhang can also perform list and read actions on `Resource Y`. + * **Zhang** – Zhang has full access to `Resource Z`. Zhang has no identity-based policies, but the `Resource Z` resource-based policy allows him full access to the resource. Zhang can also perform list and read actions on `Resource Y`.