Logging and monitoring

RAM policy attached directly to user

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

A RAM Policy is an object in Alibaba Cloud that, when attached to a RAM identity (a user, group, or role), defines its permissions. It was detected that the RAM policy {AliCloudRamPolicy} is attached directly to an AliCloud user. As the number of users grows, the complexity of access management increases. Therefore, to reduce complexity assign privileges at group or role level.
  • Recommended Mitigation

    It is recommended to avoid assigning RAM policies directly to users and instead assign privileges at the group or role level to obtain better control and management on access permissions. Better access management may reduce the possibility of a user with unintentionally excessive privileges.