AWS transfer documentation change
Summary
Added note about duplicate S3 bucket listings when users belong to multiple Active Directory groups with overlapping grants.
Security assessment
This change addresses user interface behavior rather than security controls. While it relates to access management, it does not introduce or modify security features - it simply documents existing grant listing behavior.
Diff
diff --git a/transfer/latest/userguide/webapp-end-users.md b/transfer/latest/userguide/webapp-end-users.md index 7ef44e190..5ae2ca3f6 100644 --- a//transfer/latest/userguide/webapp-end-users.md +++ b//transfer/latest/userguide/webapp-end-users.md @@ -60,0 +61,4 @@ If your organization did not use AWS IAM Identity Center to configure its users, +###### Note + +If a user belongs to multiple Active Directory groups that have grants to the same Amazon S3 bucket, the bucket appears multiple times in the web app interface. This occurs because the web app lists all top-level grants associated with the user's UID or GID, including duplicate grants to the same bucket. To prevent duplicate listings, administrators can consolidate multiple grants so that each user has only one grant per Amazon S3 location. +