# Mapping Partner Central Users to Managed Policies
## Understanding Partner Central Personas and Policy Mapping
Each persona represents a distinct role within your partner organization with specific access needs to AWS Partner Central features. Match your users to these personas to assign the appropriate managed policy that grants necessary permissions while maintaining security best practices.
**Important**
All managed policies below grant users access to Amazon Q, an AI-powered assistant providing real-time support and guidance within AWS Partner Central. For more information on Amazon Q, see [here](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/what-is.html).
## Common AWS Partner Central User Personas
| User persona | Persona Description | Recommended Partner Central Managed policies | Partner Central responsibilities |
| --- | --- | --- | --- |
| IAM Administrator | This individual typically sits in IT Security, Information Security, or Governance/Compliance teams, but this varies by organization. They should have administrator access to the AWS account used to access AWS Partner Central. | This individual should have administrator rights within the AWS account in order to provision users' IAM permissions | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Alliance Lead (Head of AWS Partnership, Director of Cloud Alliances) | Owns the AWS relationship and is responsible for driving growth of the AWS partnership through program alignment, co-sell readiness and cross-functional execution | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) These policies combined provision these users with full read and write access to all features in AWS Partner Central. For a detailed breakdown of what this policy contains, see [here](https://docs.aws.amazon.com/partner-central/latest/getting-started/security-iam-awsmanpol.html). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Program Coordinator (Partner Operations Manager, Alliance Team Member, APN Program Administrator) | Collaborates closely with Alliance Lead to distribute oversight responsibilities by supporting tracking of requirements, management of submissions and ensuring compliance. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) These users are essentially an extension of the Alliance Lead and require similar permissions. These policies combined provisions these users with full read and write access to all features in AWS Partner Central. For a detailed breakdown of what this policy contains, see [here](https://docs.aws.amazon.com/partner-central/latest/getting-started/security-iam-awsmanpol.html). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Marketing Manager (Partner Marketing Manager, Channel Marketing Lead) | The Marketing Manager builds awareness and drives demand for AWS-aligned offerings. They develop campaigns, create content, and apply for joint marketing programs. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Sales Manager (Account Manager, Account Executive, Business Development Manager) | Accelerate revenue by sourcing, registering and closing AWS-related deals in collaboration with AWS field teams. | `AWSPartnerCentralOpportunityManagement` This policy grants users the ability to view and edit the entire pipeline of opportunities within your AWS Partner Central account. This policy is designed for team members who are actively working on partner opportunities and need access to opportunity management features, but don't require access to all Partner Central capabilities. This policy also provides access to other general purpose features, like the ability to access partner documentation, contact support, and track progress with the Scorecard. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Integration Engineer/Developer | Technical user supporting the partner alliances team with building and maintaining CRM integrations connecting partner systems to AWS Partner Central APIs | AWSFullAccessSandboxFullAccess | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Technical Lead | The Technical Lead is the engineer or architect who ensures their organization's solutions meet AWS technical standards and program requirements. They design and implement scalable cloud architectures, provide technical guidance across teams, and optimize solutions for performance, security, and cost. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Funding Program Manager | The Funding Program Manager owns financial operations tied to AWS—tracking revenue, reconciling payments, and managing funding audits and reporting. | `PartnerCentralIncentiveBenefitManagement` This policy provides access to manage incentive and benefit programs within AWS Partner Central. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
## AWS ProServe Tools Access
For services partners supporting customer migrations and who want access to the AWS Assessment Tools (outside of AWS Partner Central), users must be assigned one of three managed policies to be provisioned access. These tools include:
+ **Migration Portfolio Assessment (MPA)**: A tool that helps partners and customers evaluate, plan, and prioritize workloads for migration to AWS. MPA enables partners to build a business case for migration, analyze the current application portfolio, estimate costs, and identify the right migration strategy for each workload. It provides data-driven insights to accelerate migration planning and reduce risk.
+ **Assessment Tools (A2T)**: A suite of customer-facing survey and assessment tools, including the Migration Readiness Assessment (MRA) — a structured evaluation that measures a customer's readiness to migrate to AWS across six dimensions of the AWS Cloud Adoption Framework. A2T assessments help partners identify gaps, build remediation plans, and demonstrate migration readiness to AWS and the customer.
Access is controlled through three AWS managed policies, each mapped to a specific user persona. Use the table below to determine the level of access each individual requires:
| User persona | Persona Description | Recommended Partner Central Managed policies | AWS Assessment Tools functionality |
| --- | --- | --- | --- |
| Individual Contributor | This individual creates and manages their own assessments in A2T and MPA. This is the base-level role required for all assessment activity. | AWSPartnerProServeToolsIndividualContributor | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Organization Reader and Individual Contributor | This individual requires visibility into all assessments across the organization, while also managing their own. This persona is common for team leads or senior practitioners who need to review historical or peer assessments without editing them. | AWSPartnerProServeToolsOrganizationReaderIndividualContributor | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
| Organization Contributor (Full Assessment Access) | This individual requires full read/write access to all assessments in the organization. This persona is suited for senior practitioners or delivery leads who need to edit, delete, or share assessments created by any user in the organization, including historical assessments. | AWSPartnerProServeToolsFullAccess | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policy-mappings.html) |
For more information about IAM managed policies, see [Managing IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-using.html). For information about attaching policies to users and groups, see [Attaching a policy to an IAM user group](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_attach-policy.html).