
Access Control Overview

Access control lets you give granular access to specific users, service accounts, and resources, and prevents unwanted access to other accounts and resources. Access represents the types of actions that users can perform (read, create, and delete) and the features that those actions can apply to. It also applies to resources detected by Lacework. By excluding resource group access for a particular user group, you prevent users in that group from viewing or working with the resources in the group in any way.

Role-based access control (RBAC) governs user groups and their access to resources based on a defined role at either the account level or the organization level.

Organization Roles

At the organization level, Lacework supports two roles: Administrator and User.

The following tabs describe in detail each role and its permissions.

Account Roles

At the account level, Lacework supports three roles: Admin, Power user, and Read-only user.

The following tabs describe in detail each role and its permissions.

* For caveats and usage notes related to permissions for resource groups, see Resource Groups.

Service Users

Lacework supports service users to provide programmatic access to the Lacework API without allowing logins to the Lacework Console. Service users have three roles: Admin, Power user, and Read-only user.

The following tabs describe in detail each role and its permissions.

| User type | User group | Description |
| --- | --- | --- |
| Service user | Account admin | Users with the account administrator role have full access to all Lacework API endpoints. |