On Tue, Nov 28, 2023 at 8:30 PM Shawn McKinney <[email protected]> wrote:
> > > > On Nov 28, 2023, at 11:01 AM, Veniamin Gvozdikov < > [email protected]> wrote: > > > > I actually expected like AWS IAM has: > > > > From AWS documentation: An IAM group is an identity that specifies a > collection of IAM users. You can't use a group to sign-in. You can use > groups to specify permissions for multiple users at a time. Groups make > permissions easier to manage for large sets of users. For example, you > could have a group named IAMPublishers and give that group the types of > permissions that publishing workloads typically need. > > How is this different than the standard RBAC definition of a Role? Which > maps between a set of users and a set of permissions. > > Zero difference as I see by AWS IAM and fortress roles with permissions. But groups are a bit unclear within ldap and fortress. > Thanks for opening up this discussion btw. We’ve handled (something like) > it many times over the years but it’s always interesting to revisit as new > technologies come into play. > If you have that question for many times I would like to read FAQ about Groups or something documented about that. -- Regards, Veniamin
