RAM policy attached directly to user

IAM misconfigurations

RAM policy attached directly to user

Platform(s)

Compliance Frameworks

AliCloud CIS
Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
Data Security Posture Management (DSPM) Best Practices
essential_8_au
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
pipeda
UK Cyber Essentials

Description

A RAM Policy is an object in Alibaba Cloud that, when attached to a RAM identity (a user, group, or role), defines its permissions. It was detected that the RAM policy {AliCloudRamPolicy} is attached directly to an AliCloud user. As the number of users grows, the complexity of access management increases. Therefore, to reduce complexity assign privileges at group or role level.

RAM policy attached directly to user

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS