RAM User Role No Product Admin Access
ID: rule:aliyun:ram-user-role-no-product-admin-access
Severity: medium
IaC Types: ROS, Terraform
Description
Ensures RAM user-defined roles do not have product administrative permissions.
Reason for Violation
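User-defined roles that carry product administrative permissions increase security risk: any principal able to assume the role gains administrative control of that product.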
Recommendation
Review role permissions and remove excessive privileges.
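A Terraform sketch of the recommendation, added here as an example and not taken from the rule's own documentation or test fixtures. It assumes the rule treats system policies that grant full access to a single product (here `AliyunOSSFullAccess`) as product administrative permissions; the page does not list the policy names it matches, and the role, bucket and policy names are placeholders.

```hcl
# Added example; role name, bucket name and policy name are placeholders.
variable "role_name" {
  type    = string
  default = "app-log-reader" # hypothetical user-defined role
}

# Violating: attaches a system policy granting full control of one product (OSS).
# Assumption: the rule treats Aliyun<Product>FullAccess policies as product admin.
resource "alicloud_ram_role_policy_attachment" "oss_admin" {
  role_name   = var.role_name
  policy_name = "AliyunOSSFullAccess"
  policy_type = "System"
}

# Compliant alternative: a custom policy limited to the actions and the
# bucket the role actually needs.
resource "alicloud_ram_policy" "oss_read_logs" {
  policy_name = "oss-read-app-logs"
  policy_document = jsonencode({
    Version = "1"
    Statement = [{
      Effect = "Allow"
      Action = ["oss:GetObject", "oss:ListObjects"]
      Resource = [
        "acs:oss:*:*:example-log-bucket",
        "acs:oss:*:*:example-log-bucket/*",
      ]
    }]
  })
}

resource "alicloud_ram_role_policy_attachment" "oss_read_logs" {
  role_name   = var.role_name
  policy_name = alicloud_ram_policy.oss_read_logs.policy_name
  policy_type = "Custom"
}
```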
Resource Types
- ROS: ALIYUN::RAM::Role
- Terraform: alicloud_ram_role_policy_attachment