ConsoleMe
GitHub
  • About
  • Architecture
  • Features
    • Credentials
      • AWS Console Login
      • AWS Credential Broker
    • Policy Management
      • Policies View
      • Policy Editor for IAM, SQS, SNS, and S3
      • Self-Service IAM Wizard
      • Policy Request - Review Page
      • Role Creation and Cloning
  • Demo
  • Quick Start
    • Docker
    • Local
  • Prerequisites
    • Required IAM Permissions
      • Central Account
      • Spoke Accounts
  • Configuration
    • Web App Authentication and Authorization
      • Local Development (Auth bypass)
      • ALB Auth (Recommended)
      • Retrieving Google Groups
      • OIDC/OAuth2
        • Cognito
        • Okta
      • SAML
      • Plain-Text Headers
    • Role Credential Authorization
      • Role Tags
        • Role Tagging Service Control Policy (Recommended)
      • Role Authorization through Dynamic Configuration
      • Custom Authorization (Internal Plugin)
    • Account Syncing
    • Metrics
    • Dynamic Configuration
    • AWS Resource Syncing
    • CLI Authentication
    • Sending email through SES
    • AWS Secret Manager Integration
    • CloudTrail Integration via AWS Event Bridge
    • Slack Notifications
  • Celery Tasks
    • Celery Flower
  • Development Guide
    • UI Components
    • Managing Dependencies
  • Deployment Strategies
  • Contributing
  • FAQ
  • License
  • Security
  • Weep CLI
    • Getting Started with Weep
    • AWS Credentials in the CLI using Weep and ConsoleMe
    • Configuration
    • Commands
      • List
      • Serve
      • Export
      • File
      • Credential Process
    • Assuming Roles
    • Advanced Configuration
      • Routing for Metadata Service
      • Shell Completion
Powered by GitBook
On this page

Was this helpful?

  1. Features
  2. Policy Management

Policy Request - Review Page

PreviousSelf-Service IAM WizardNextRole Creation and Cloning

Last updated 3 years ago

Was this helpful?

Your cloud administrators (And eventually your resource owners) will receive an e-mail to a user's policy request when a user submits it.

The policy request review page shows context about the user and the request, as well as any changes that the user has requested. The user has the ability to update the permissions associated with their request, cancel individual changes within the request, or cancel the entire request.

Your cloud administrators can approve or reject individual changes in the request, or reject the entire request. Approving a change applies it immediately to the resource.

ConsoleMe will naively attempt to auto-generate cross-account resource policies for the request, if required. It will only generate resource policies if the resource is known to be on a different account, and if it is a supported resource type. Today, only S3, SQS, and SNS are supported resource types. We hope to add support for more in the future.

The only difference between cancelling and rejecting a request is that users can cancel their own requests. Only cloud administrators can reject a request. Otherwise, both features are identical.

https://www.youtube.com/watch?v=ayYAVJsifPswww.youtube.com