AWS connect documentation change
Summary
Increased maximum security profiles with access control tags per user from 3 to 7
Security assessment
Change increases a system limit without addressing vulnerabilities or weaknesses. No evidence of security incident remediation. Impact: Allows more complex permission combinations but doesn't alter security controls.
Diff
diff --git a/connect/latest/adminguide/tag-based-access-control.md b/connect/latest/adminguide/tag-based-access-control.md index 4c0b07317..ea9279ca4 100644 --- a//connect/latest/adminguide/tag-based-access-control.md +++ b//connect/latest/adminguide/tag-based-access-control.md @@ -31 +31 @@ Access control tags are configured on a security profile. You can configure up t -Users can be assigned a maximum of three security profiles that contain access control tags. When multiple security profiles containing access control tags are assigned to a single user, the tag-based access controls become less restrictive. For example, if a user had one security profile with an access control tag like `Country:USA`, and another security profile with an access control tag like `Country:Argentina`, a user would be able to see resources tagged with `Country:USA` or `Country:Argentina`. A user can have other security profiles, as long as those additional security profiles do not contain tags. If multiple security profiles are present with overlapping resource permissions, the security profile without tag-based access controls will be enforced over the one with tag-based access controls. +Users can be assigned a maximum of seven security profiles that contain access control tags. When multiple security profiles containing access control tags are assigned to a single user, the tag-based access controls become less restrictive. For example, if a user had one security profile with an access control tag like `Country:USA`, and another security profile with an access control tag like `Country:Argentina`, a user would be able to see resources tagged with `Country:USA` or `Country:Argentina`. A user can have other security profiles, as long as those additional security profiles do not contain tags. If multiple security profiles are present with overlapping resource permissions, the security profile without tag-based access controls will be enforced over the one with tag-based access controls.