IAM misconfigurations

IAM policy allows full tenancy access to a non-admin group or a service

Platform(s)

  • N/A

Compliance Frameworks

Description

Permission to manage all resources in a tenancy should be limited to a small number of users in the Administrators group for break-glass situations and to set up users/groups/policies when a tenancy is created. It was detected that IAM policy {OciIamPolicy.Name} allows a non-admin group or service full access to the tenancy. No group other than Administrators in a tenancy and no service should need access to all resources in a tenancy, as this violates the enforcement of the least privilege principle.
Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.