System-user role

From CNM Wiki
Revision as of 22:50, 13 October 2018 by Gary (talk | contribs)

A system-user role (alternatively spelt system user role; also known as user access level or system-granted identity; user role in WordPress; user group in MediaWiki; IAM role in AWS; hereinafter, the Role) is a set of capacities, often called permissions, that a system grants to any user who belongs to the Role.


An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and cannot do in AWS. However, a role does not have any credentials (password or access keys) associated with it. Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. An IAM user can assume a role to temporarily take on different permissions for a specific task. A role can be assigned to a federated user who signs in by using an external identity provider instead of IAM. AWS uses details passed by the identity provider to determine which role is mapped to the federated user.
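Because a role has no credentials of its own, its trust policy is what decides who may assume it. The following trust policy is an added example, not part of the original wiki text, covering the two cases described above: an IAM user and a federated user. The account ID `111122223333`, the user `example-user` and the SAML provider `ExampleIdP` are constructed placeholders, and the MFA condition on the first statement is an assumed hardening choice rather than something the page requires.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleIamUserMayAssume",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:user/example-user"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": { "aws:MultiFactorAuthPresent": "true" }
      }
    },
    {
      "Sid": "ExampleFederatedUserMayAssume",
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::111122223333:saml-provider/ExampleIdP"
      },
      "Action": "sts:AssumeRoleWithSAML",
      "Condition": {
        "StringEquals": {
          "SAML:aud": "https://signin.aws.amazon.com/saml"
        }
      }
    }
  ]
}
```

What the role can do once assumed is defined separately, in the permission policies attached to it. Naming a specific principal in each statement, rather than a wildcard, keeps the set of identities that can take on those permissions explicit and reviewable.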