Permission Configuration is a configuration template used by Identity Center users to access accounts. It includes CAM's predefined strategies and supports custom policies. You can use this template to authorize Identity Center users on the account.
First Deployment of Permission Configuration
When you set permissions for users or user groups on the account, you need to specify a Permission Configuration. If no other users or user groups have deployed a Permission Configuration on that account, the Identity Center will perform the deployment actions for the Permission Configuration in the account's CAM for you. The deployment in CAM includes the following:
Create a CAM role with the Identity Center Synchronization type .
On the CAM role, bind the system policy and custom policy specified in the binding permission configuration.
If no authorizations have been made on the account, create an Identity Provider , allowing Identity Center users to use Role SSO log in to the account.
You can view the aforementioned CAM roles and Identity Providers in the CAM console of the account, but you cannot make any modifications or deletions .
Redeploy Permission Configuration
If the Permission Configuration has already been deployed on the account, but changes have been made, these changes will not automatically update to the account. You need to manually redeploy (add or remove system policies) to apply the changes.