The content from the Amazon Detective Administration Guide is now consolidated into the Amazon Detective User Guide. Amazon Detective Administration Guide will reach its end of standard support on May 08, 2024.
Available actions for accounts
Administrator and member accounts have access to the following Detective actions. In the table, the values have the following meanings:
-
Any – The account can perform the action for all of the accounts under the same Detective administrator account.
-
Self – The account can only perform the action on their own account.
-
Dash (–) – The account cannot perform the action.
The following table reflects the default permissions for administrator and member accounts. You can use custom IAM policies to restrict access further to Detective features and functions.
Action |
Administrator account (Organization) |
Administrator account (Invitation) |
Member (Organization) |
Member (Invitation) |
---|---|---|---|---|
View accounts |
Any |
Any |
Self (View administrator accounts) |
Self (View administrator accounts) |
Remove member account |
Any Invited accounts are removed Organization accounts are disassociated |
Any |
– |
Self |
Add or remove optional data source packages |
Any (Setting applies to all member accounts) |
Any (Setting applies to all member accounts) |
– |
– |
Disable Detective |
Self |
Self |
– |
– |
View behavior graph data |
Any |
Any |
– |
– |
Enable or disable optional data source packages |
All |
All |
– |
– |