Manage Permission Sets

Create a Permission Set to tailor users' level of access to Stax-managed AWS accounts

On This Page
Before You BeginCreate a Permission SetCreate a Permission Set AssignmentEdit a Permission SetDelete a Permission SetEdit or Delete a Permission Set AssignmentRetry an Assignment DeploymentSee also

You can create a Permission Set and configure assignments to provide users with tailored access to Stax-managed AWS accounts. See Permission Sets for more.

This feature is currently in preview. Review Access Stax Preview Features for more information on what this means. See known issues for details on current limitations.

Before You Begin

  • Estimated time to complete: 15-20 minutes
  • Ensure you are a member of the Admin role in your Stax tenancy
  • You must have Preview Mode enabled in Stax
  • Have an intermediate understanding of AWS IAM
  • Determine the IAM Policy to be assigned, and have it prepared in JSON format

Create a Permission Set

  1. Log in to the Stax Console

  2. Select Accounts in the left-hand nav, then choose Permission Sets

    No Permission Sets
  3. Click + Create to get started

  4. On the Permission Set details page, complete the fields as appropriate:

  • Permission Set Name: The name of the permission set. This is the name users will see when accessing Stax-managed AWS accounts using this Permission Set

  • Description: A description of the permission set

  • Max Session Duration: The maximum session duration for the Permission Set in seconds. Supported values are 3600 (1 hour) to 43200 (12 hours)

  • IAM Policy Name: The name of the IAM Policy to be associated with the Permission Set

  • IAM Policy: The JSON formatted IAM Policy document

    Create Permission Set
  1. Apply any tags as appropriate, then select Create to create the Permission Set
Permission Sets

Once the Permission Set is created, it can be assigned to groups and Account Types.

Create a Permission Set Assignment

Assignments are how users are granted access to utilize a Permission Set.

  1. Log in to the Stax Console

  2. Select Accounts in the left-hand nav, then choose Permission Sets

  3. From the list of Permission Sets, locate the desired Permission Set and click View Assignments to view the Permission Set's assignments

    Permission Sets
  4. Choose the Account Type and group to assign the Permission Set to, then select Add to add the assignment

    Permission Sets Assignments
Permission Sets Assignments

The Permission Set Assignment will take a few minutes to deploy. Once deployment completes, its status will change to DEPLOYMENT_COMPLETE.

When a user in the group next attempts to log into an AWS account in the specified Account Type, they will see an additional option to log in using the Permission Set.

Edit a Permission Set

Permission Sets can be edited to change their details if required. A common use case for this is when updating the IAM Policy Document that defines the level of access granted by this Permission Set.

  1. Log in to the Stax Console

  2. Select Accounts in the left-hand nav, then choose Permission Sets

  3. Click the vertical ellipsis (⋮) on the Permission Set you'd like to edit, then choose Edit from the drop-down menu

    Permission Sets
  4. Update the properties of the Permission Set as required

    Edit Permission Set
  5. Choose Save to save the changes.

When changing the properties of a Permission Set, you must then deploy the changes to assigned Account Types. See Retry an Assignment Deployment for more.

Delete a Permission Set

Permission Sets can be deleted when no longer required. Prior to deleting a Permission Set, all its Assignments must be deleted.

  1. Log in to the Stax Console

  2. Select Accounts in the left-hand nav, then choose Permission Sets

  3. Click the vertical ellipsis (⋮) on the Permission Set you'd like to edit, then choose Delete from the drop-down menu.

  4. Confirm the details of the Permission Set to be deleted, then choose Yes, delete to commence the deletion

    Delete Permission Set

Edit or Delete a Permission Set Assignment

Permission Set Assignments cannot be edited, only deleted. To delete an Assignment:

  1. Log in to the Stax Console

  2. Select Accounts in the left-hand nav, then choose Permission Sets

  3. From the list of Permission Sets, locate the desired Permission Set and click View Assignments to view the Permission Set's Assignments

    Permission Sets
  4. Choose the Delete button next to the Assignment you wish to delete. At the prompt, review the details, then choose Yes, delete to delete the Assignment.

    Delete Permission Set Assignment

Retry an Assignment Deployment

In certain circumstances you may need to retry deploying an assignment. This is useful if a deployment fails, or if the scope of an Assignment changes and needs to be deployed to in-scope accounts.

  1. Log in to the Stax Console

  2. Select Accounts in the left-hand nav, then choose Permission Sets

  3. From the list of Permission Sets, locate the desired Permission Set and click View Assignments to view the Permission Set's Assignments

    Permission Sets
  4. Locate the Assignment in question and select the retry button to retry the deployment

    Retry Permission Set Assignment

The assignments will be deployed in the background to accounts within the specified Account Type.

See also