User Level Policy
Released: Nov 2019
In addition to the User Roles (Administrator, Author, Viewer), Cloudivize allows a high level of permission control by applying an IAM Policy per user within the same Cloudivize account.
The Administrator can attach an IAM Policy to every user in the account, using the comprehensive AWS IAM Policy format.
This IAM Policy enables the Administrator to allow or deny viewing, accessing, modifying or operating any asset in the managed account.
For instance, the Administrator can allow a specific user to view or change specific assets (or asset types) and deny access to another user. Alternatively, the Administrator can deny a specific user the ability to operate any asset while still allowing that user to visualize all assets within the managed account.
When the user-level IAM Role does not allow an asset type to be loaded (i.e. it denies the DescribeXXX, ListXXX or GetXXX APIs), assets of that type are not shown on the user's canvas.
Note that the Minimal Requirements specified in the AWS Credentials Configuration for the IAM Role still apply here. Denying access to any of the actions listed there will harm system functionality, and the user may be unable to use the system as expected.
Recommendation: use https://awspolicygen.s3.amazonaws.com/policygen.html to generate a valid IAM Policy, and verify beforehand that the policy you apply is the one you expect.
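One way to run that pre-check, as an added example that is not Cloudivize's own code: a simplified evaluator that reports which read actions a draft policy would block, and therefore which asset types would be hidden or which required calls would fail. Assumptions: AWS-style evaluation (explicit Deny overrides Allow, no matching Allow is an implicit deny), Resource, Condition and NotAction are ignored, and the policy and the REQUIRED_READ list are constructed samples standing in for your own policy and the Minimal Requirements list.

```python
import json
import re

# Constructed sample: view EC2/S3/RDS, never operate EC2, and hide RDS.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:List*", "s3:Get*", "rds:Describe*"]},
    {"Effect": "Deny", "Resource": "*",
     "Action": ["ec2:StartInstances", "ec2:StopInstances"]},
    {"Effect": "Deny", "Resource": "*", "Action": "rds:Describe*"}
  ]
}
""")

# Placeholder for the actions the Minimal Requirements list names (assumption).
REQUIRED_READ = ["ec2:DescribeInstances", "s3:ListAllMyBuckets",
                 "rds:DescribeDBInstances", "lambda:ListFunctions"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive; '*' and '?' are wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def decide(policy, action):
    """Return 'allow', 'explicit_deny' or 'implicit_deny' for one action."""
    decision = "implicit_deny"
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt:  # NotAction statements are out of scope
            continue
        if any(_matches(p, action) for p in _as_list(stmt["Action"])):
            if stmt.get("Effect") == "Deny":
                return "explicit_deny"  # an explicit Deny always wins
            decision = "allow"
    return decision

def blocked_actions(policy, actions):
    """Map each action that is not allowed to the reason it is blocked."""
    results = {a: decide(policy, a) for a in actions}
    return {a: d for a, d in results.items() if d != "allow"}

if __name__ == "__main__":
    for action, reason in blocked_actions(SAMPLE_POLICY, REQUIRED_READ).items():
        print(f"{action}: {reason}")
```

Because conditions are ignored, a conditional Deny is reported as if it always applied, so the check errs toward flagging.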