RAM policy with full administrative privileges

Data protection

RAM policy with full administrative privileges

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AliCloud CIS

Description

A RAM Policy is an object in Alibaba Cloud that, when attached to a RAM identity (a user, group, or role), defines its permissions. It was detected that the custom RAM policy {AliCloudRamPolicy} grants full administrative privileges. These privileges grant the attached RAM identities the ability to perform all actions on any resource in the account.

Recommended Mitigation

It is recommended to avoid using custom policies with full administrative privileges and grand only least privilege, i.e., to limit permissions to the bare minimum to perform the task. To manage policy references, see: https://www.alibabacloud.com/help/en/doc-detail/116818.htm. To create, delete, or modify an existing custom policy, see: https://www.alibabacloud.com/help/en/doc-detail/116801.html

RAM policy with full administrative privileges

Description

Need help?