Develop
EngineVersion 1iamClasses

iam:Principal

iam:Principal from the iam matrix.

Extends: Party

Principals are the actors in the system (User, Agent). Not to be confused with Roles, which are permission bundles.

Properties

iam:hasRole (optional)

Assigns a role to a principal.

hasRole must reference a Role

A principal can have multiple roles. Effective permissions are the union of all assigned roles' identity policies.

Values:

  • iam:FullAccessRole: Grants complete access to all workspace actions.
  • iam:SystemAdminRole: Grants full read, write, and invocation access to all system-defined resources.
  • iam:SystemReadRole: Grants read access and action invocation on system-defined resources.

iam:PolicyEffect

The effect of a policy evaluation - either allow or deny.

iam:Resource

iam:Resource from the iam matrix.

On this page

Propertiesiam:hasRole (optional)