View and change a permission
set
You can use permission sets to grant users access to AWS accounts. You can
view and change a permission set with the AWS IAM Identity Center console. For more
information about permission sets and how they are used in IAM Identity Center, see Manage AWS accounts with permission
sets.
Permission sets are not required to manage user access to applications.
You can search and sort permission sets by name in the IAM Identity Center
console.
View permission set
assignments
Use this procedure to view applied permission set in the AWS IAM Identity Center
console.
- All AWS accounts where a permission set is
provisioned
-
To view all the assignments for a permission set, use the
following procedure:
Sign in to the AWS Management Console and open the AWS IAM Identity Center console at https://console.aws.amazon.com/singlesignon/.
-
Under Multi-account
permissions, choose Permission sets.
-
On the Permission
sets page, select the permission set you
want to view.
-
Once on the selected permission sets page, under the
Accounts tab, you can see the
accounts where the permission set is used. You can
select the account to see how the permission set is
provisioned within the account. You can delete, edit, and attach policies to the
permission set.
- All permission sets for an AWS account
-
To view all the assignments for a permission set, use the
following procedure:
Sign in to the AWS Management Console and open the AWS IAM Identity Center console at https://console.aws.amazon.com/singlesignon/.
-
Under Multi-account permissions,
choose AWS accounts. Select the
account for which you want to view the provisioned
permission sets.
-
Once on the selected AWS account page, under the
Permission sets tab, you can
view the different permission set assigned to the
selected AWS account. You can select the permission
set hyperlink to learn more about the permission set.
- All applied permission sets to users and groups
-
To view all the permission sets assigned to users or groups,
use the following procedure:
Sign in to the AWS Management Console and open the AWS IAM Identity Center console at https://console.aws.amazon.com/singlesignon/.
-
Select either Users or Groups under
Dashboard to view IAM Identity Center users
or groups.
-
Once on the Users page,
select the user for whom you want to see applied
permission sets. Next, select the
AWS accounts tab and the
AWS account under the AWS account
access section. You’ll be able to see
the applied permission sets and AWS account for
the selected user.
-
Once on the Groups page,
select the group you want to view applied
permission sets. Next, select the
AWS accounts tab and the
AWS account under the AWS account
access section. You’ll be able to see
the applied permission sets and AWS account for
the selected group.
Change a permission set
Use this procedure to change a permission set with the IAM Identity Center console. You can add or remove
permission sets from users or groups.
Sign in to the AWS Management Console and open the AWS IAM Identity Center console at https://console.aws.amazon.com/singlesignon/.
-
Under Multi-account permissions,
choose AWS accounts.
-
On the AWS account page, a tree
view list of your organization appears. Select the name of the
AWS account from which you want to change the permission
set.
-
On the Overview page of the
AWS account, under Assigned Users and
Groups, select the username or group name of the
permission set you want to change. Then choose Change permission sets.
-
Make the desired changes to the permission set and then choose
Save changes.
-
Navigate to the Permission sets
tab and select the recently changed permission set and choose
Update.
-
On the Update permissions page,
choose Update.