Restricting access to Amazon DataZone
Restricting programmatic access to Amazon DataZone - For IAM users or roles that make programmatic API calls, access can be restricted through IAM policies. To revoke short-term credentials that have already been issued for a role, you can use the IAM revoke session mechanism on the role or on the Service Control Policy.
Restricting login access to the Amazon DataZone data portal - To restrict login access to the Amazon DataZone data portal for IAM users or roles, IAM policies can restrict access to the datazone:GetUserPortalLoginUrl action. For SSO users and groups, restrict access to the Amazon DataZone data portal by setting the Amazon DataZone user profile status to Deactivated. If your domain is configured with implicit assignment and the user has not previously used Amazon DataZone, you will need to remove the user from the identity provider.
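
The two IAM controls described above, combined in one identity policy as an added example (not taken from the AWS documentation): the first statement denies the portal login action, and the second denies DataZone actions to sessions whose credentials were issued before a cutoff, using the same aws:TokenIssueTime condition that the IAM revoke session feature applies. The Sid values, the datazone:* scope, the "*" resource and the timestamp are constructed for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyDataZonePortalLogin",
      "Effect": "Deny",
      "Action": "datazone:GetUserPortalLoginUrl",
      "Resource": "*"
    },
    {
      "Sid": "ExampleDenyDataZoneForOlderSessions",
      "Effect": "Deny",
      "Action": "datazone:*",
      "Resource": "*",
      "Condition": {
        "DateLessThan": {
          "aws:TokenIssueTime": "2024-01-01T00:00:00Z"
        }
      }
    }
  ]
}
```

Set the timestamp to the moment of revocation; credentials issued after it are not matched by the second statement, so the role's normal permissions still apply to new sessions.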