AWS datazone medium security documentation change
Summary
Restricted unpublish permissions to project owners/contributors from 'any user with permissions'
Security assessment
Directly addresses authorization controls by tightening access to sensitive operations. Prevents unauthorized users from unpublishing data products, mitigating potential privilege escalation risks.
Diff
diff --git a/datazone/latest/userguide/unpublish-data-product.md b/datazone/latest/userguide/unpublish-data-product.md index bb8879f59..d6f943e7c 100644 --- a//datazone/latest/userguide/unpublish-data-product.md +++ b//datazone/latest/userguide/unpublish-data-product.md @@ -9 +9 @@ Amazon DataZone enables data producers to group data assets into well-defined, s -Any Amazon DataZone user with the required permissions to access the data portal can unpublish an Amazon DataZone data product. +To unpublish a data product, you must be the owner or the contributor of the project to which the data product belongs.