View and change a permission set - Amazon IAM Identity Center
View permission set assignmentsChange a permission set
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

View and change a permission set

You can use permission sets to grant users access to Amazon Web Services accounts. You can view and change a permission set with the Amazon IAM Identity Center console. You can search and sort permission sets by name in the IAM Identity Center console. For more information about permission sets and how they are used in IAM Identity Center, see Manage Amazon Web Services accounts with permission sets.

Permission sets are not required to manage user access to applications.

Note

To use permission sets, you'll need to use an Organization instance of IAM Identity Center. For more information, see Organization and account instances of IAM Identity Center.

View permission set assignments

Use this procedure to view applied permission set in the Amazon IAM Identity Center console.

All Amazon Web Services accounts where a permission set is provisioned

To view all the assignments for a permission set, use the following procedure:

  1. Sign in to the Amazon Web Services Management Console and open the Amazon IAM Identity Center console at https://console.amazonaws.cn/singlesignon/.

  2. Under Multi-account permissions, choose Permission sets.

  3. On the Permission sets page, select the permission set you want to view.

  4. Once on the selected permission sets page, under the Accounts tab, you can see the accounts where the permission set is used. You can select the account to see how the permission set is provisioned within the account. You can delete, edit, and attach policies to the permission set.

All permission sets for an Amazon Web Services account

To view all the assignments for a permission set, use the following procedure:

  1. Sign in to the Amazon Web Services Management Console and open the Amazon IAM Identity Center console at https://console.amazonaws.cn/singlesignon/.

  2. Under Multi-account permissions, choose Amazon Web Services accounts. Select the account for which you want to view the provisioned permission sets.

  3. Once on the selected Amazon Web Services account page, under the Permission sets tab, you can view the different permission set assigned to the selected Amazon Web Services account. You can select the permission set hyperlink to learn more about the permission set.

All applied permission sets to users and groups

To view all the permission sets assigned to users or groups, use the following procedure:

  1. Sign in to the Amazon Web Services Management Console and open the Amazon IAM Identity Center console at https://console.amazonaws.cn/singlesignon/.

  2. Select either Users or Groups under Dashboard to view IAM Identity Center users or groups.

    1. Once on the Users page, select the user for whom you want to see applied permission sets. Next, select the Amazon Web Services accounts tab and the Amazon Web Services account under the Amazon account access section. You’ll be able to see the applied permission sets and Amazon Web Services account for the selected user.

    2. Once on the Groups page, select the group you want to view applied permission sets. Next, select the Amazon Web Services accounts tab and the Amazon Web Services account under the Amazon Web Services account access section. You’ll be able to see the applied permission sets and Amazon Web Services account for the selected group.

Change a permission set

Use this procedure to change a permission set with the IAM Identity Center console. You can add or remove permission sets from users or groups.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon IAM Identity Center console at https://console.amazonaws.cn/singlesignon/.

  2. Under Multi-account permissions, choose Amazon Web Services accounts.

  3. On the Amazon Web Services account page, a tree view list of your organization appears. Select the name of the Amazon Web Services account from which you want to change the permission set.

  4. On the Overview page of the Amazon Web Services account, under Assigned Users and Groups, select the username or group name of the permission set you want to change. Then choose Change permission sets.

  5. Make the desired changes to the permission set and then choose Save changes.

  6. Navigate to the Permission sets tab and select the recently changed permission set and choose Update.

  7. On the Update permissions page, choose Update.