AWS datazone documentation change
Summary
Updated authentication configuration details and user profile management explanation
Security assessment
Clarifies security controls (authentication methods and policy-based permissions) but does not indicate a specific security vulnerability being addressed.
Diff
diff --git a/datazone/latest/userguide/user-management-portal.md b/datazone/latest/userguide/user-management-portal.md index 10483ba4d..cc1438f22 100644 --- a//datazone/latest/userguide/user-management-portal.md +++ b//datazone/latest/userguide/user-management-portal.md @@ -7 +7,3 @@ -In the current release of Amazon DataZone, the default authorization mechanism enables all authenticated users (IAM and SSO) of the Amazon DataZone domains to create projects, create entities within the projects, and conduct searches. Project members must still abide by the permissions given to them per their designated project owner or project contributor roles. +You can use the Amazon DataZone management portal to configure authentication for IAM users and roles, SSO users and groups, and SAML users. Amazon DataZone assigns a user profile to each user that uses Amazon DataZone. + +User profile permissions to use projects, create entities, etc. are managed using domain untis and policy grants. Within a specific project, the project membership desigation (owner, contributor, view) determines the action authorization.