AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio documentation change

Service: sagemaker-unified-studio · 2026-03-19 · Documentation low

File: sagemaker-unified-studio/latest/userguide/data-agent-security.md

Summary

Clarified that SageMaker Data Agent IAM permissions apply specifically to Notebooks or Query Editor usage context

Security assessment

Change adds specificity about where the permissions apply but does not introduce new security controls or address vulnerabilities. Maintains existing required API permissions without security context changes.

Diff

diff --git a/sagemaker-unified-studio/latest/userguide/data-agent-security.md b/sagemaker-unified-studio/latest/userguide/data-agent-security.md
index bd9dfb392..f8d13621b 100644
--- a//sagemaker-unified-studio/latest/userguide/data-agent-security.md
+++ b//sagemaker-unified-studio/latest/userguide/data-agent-security.md
@@ -18 +18 @@ Required IAM permissions to use SageMaker Data Agent
-To use the SageMaker Data Agent, your project role need to have required IAM permissions. Your role must have the permissions to invoke the following Amazon DataZone APIs: SendMessage, GenerateCode, StartConversation, GetConversation, and ListConversations. 
+To use the SageMaker Data Agent in Notebooks or Query Editor, your project role needs the required IAM permissions. Your role must have the permissions to invoke the following Amazon DataZone APIs: SendMessage, GenerateCode, StartConversation, GetConversation, and ListConversations.