Ability to restrict where actions are allowed, rather than the entire service. Defines the scope of the assignment.
Identity / IAM / Capabilities / DEV
Resource-Level Access
CCC.IAM.CP11
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.IAM.TH04 | Additional Cloud Credentials Creation | An adversary with access to a sufficiently privileged cloud account may create additional credentials such as access keys, service accounts and temporary credentials to establish persistance or elevate their privileges. |