AWS sagemaker-unified-studio medium security documentation change
Summary
Changed domain administration page access from 'users with administrative permissions' to being restricted to the domain creation IAM role
Security assessment
The change tightens access control by limiting administration page access to the specific IAM role used for domain creation, reducing potential privilege escalation risks
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/access-domain-administration-page.md b/sagemaker-unified-studio/latest/adminguide/access-domain-administration-page.md index 76ad44048..64b3eb5e9 100644 --- a//sagemaker-unified-studio/latest/adminguide/access-domain-administration-page.md +++ b//sagemaker-unified-studio/latest/adminguide/access-domain-administration-page.md @@ -9 +9 @@ The domain administration page in Amazon SageMaker Unified Studio provides admin -Access to the domain administration page is restricted to users with appropriate administrative permissions and is designed for managing Amazon SageMaker Unified Studio IAM-based domains. +Access to the domain administration page is restricted to the IAM role, specified as the domain login role, used to create the domain. This IAM role is the project member in the default admin project created for the domain.