Troubleshooting permission set AdministratorAccess


I have created two Identity Center users - Alan and nikki. I assigned Alan to the Management Account and nikki to the account I created - Administration. I assigned the AdministratorAccess permission set to both users in the Management Account and Administration. When I log in as Alan, I am able to create an OU and everything, just like the root user. But when I log in as nikki, I am not able to create an OU.

How do I troubleshoot why nikki is not able to create an OU even though she has the same permission set AdministratorAccess as Alan?

Lottie
Asked 3 months ago, 125 views
1 answer

Hello.

Are there any errors when trying to create an OU using "nikki"?
If a permission error occurs, you can check CloudTrail and see the error.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html

Also, is "nikki" signed into the correct AWS account?
Operations on Organizations OUs are performed using the Organizations root account.
https://docs.aws.amazon.com/organizations/latest/userguide/create_ou.html

Expert
Answered 3 months ago
  • Yes. I did sign in as nikki. "Operations on Organizations OUs are performed using the Organizations root account." OK, that is why nikki can't create an OU. I looked into CloudTrail and filtered by user name "nikki". What event name should I also filter on to find the errors? The event names for nikki are mostly CredentialChallenge, ListProfilesForApplication, Authenticate, Federate, etc.

  • Yes. I did sign in as nikki. "Operations on Organizations OUs are performed using the Organizations root account." OK, that is why nikki can't create an OU.

    "Alan" and "nikki" cannot create an OU unless they sign in to the same Organizations root AWS account.

    The event names for nikki are mostly CredentialChallenge, ListProfilesForApplication, Authenticate, Federate, etc.

    I think you need to look it up by event name.
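As an added example (not part of the original thread): instead of guessing an event name, filter exported CloudTrail records for entries that carry an `errorCode` and whose assumed-role session name is the user. The records below are constructed and simplified; the account IDs, the role suffix and the assumption that the session name equals the Identity Center username are placeholders for illustration.

```python
# Constructed, simplified CloudTrail records (not taken from the thread).
# Account IDs, the role suffix and the error text are placeholders.
ROLE = "AWSReservedSSO_AdministratorAccess_EXAMPLE"

def record(source, name, account, user, error=None):
    """Build one constructed record using CloudTrail's field names."""
    rec = {"eventSource": source, "eventName": name,
           "recipientAccountId": account,
           "userIdentity": {"type": "AssumedRole",
                            "arn": f"arn:aws:sts::{account}:assumed-role/{ROLE}/{user}"}}
    if error:
        rec["errorCode"], rec["errorMessage"] = error
    return rec

SAMPLE_EVENTS = [
    # Sign-in style event: no assumed-role ARN and no errorCode.
    {"eventSource": "sso.amazonaws.com", "eventName": "Federate",
     "recipientAccountId": "111111111111",
     "userIdentity": {"type": "Unknown", "userName": "nikki"}},
    record("organizations.amazonaws.com", "DescribeOrganization", "222222222222", "nikki"),
    record("organizations.amazonaws.com", "CreateOrganizationalUnit", "222222222222", "nikki",
           error=("AccessDeniedException", "constructed error message")),
    record("organizations.amazonaws.com", "CreateOrganizationalUnit", "111111111111", "Alan"),
]

def session_user(event):
    """Session name of an assumed-role caller, or '' for other identity types."""
    arn = event.get("userIdentity", {}).get("arn", "")
    return arn.rsplit("/", 1)[-1] if ":assumed-role/" in arn else ""

def failed_calls(events, username):
    """Return (account, source, event name, error code) for the user's failed API calls."""
    hits = []
    for ev in events:
        if session_user(ev).lower() == username.lower() and "errorCode" in ev:
            hits.append((ev["recipientAccountId"], ev["eventSource"],
                         ev["eventName"], ev["errorCode"]))
    return hits

if __name__ == "__main__":
    for hit in failed_calls(SAMPLE_EVENTS, "nikki"):
        print(*hit)
```

The `recipientAccountId` in each hit shows which account the failing call was made in, which also answers the "correct AWS account" question from the reply.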
