Manage Access at Account Level

Custom Roles

Create Custom Roles

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > Roles.
  3. Click + Add New.
  4. Name the role.
  5. Select the permissions you want to include in the role.
  6. Click Create.
Note: Each account can have up to 15 custom roles.

Edit Custom Roles

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > Roles.
  3. Select the custom role you want to edit, then click the Edit icon.
    Alternatively, click the Ellipsis (...) icon and select Edit.
  4. Make changes to the role name or permissions.
  5. Click Save to save the changes to this custom role.

Add Custom Roles to Custom User Groups

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > User groups.
  3. Select the custom user group you want to add the custom role to, then click the Edit icon.
    Alternatively, click the Ellipsis (...) icon and select Edit.
  4. From the Role dropdown menu, select the custom role.
  5. Click Save.
Note: A custom user group can have multiple custom roles added to it.

Custom User Groups

Create Custom User Groups

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > User groups.
  3. Click + Add New.
  4. Name the user group.
  5. From the Role dropdown menu, select the role you want to add to this user group.
  6. Click Next.
  7. Choose one or more resource groups for this user group. Users in this group will be able to access only the data pertaining to the resources in these groups in Lacework.
  8. Add users to the new user group. See Manage Users in User Groups.
  9. Click Save.

Edit Custom User Groups

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > User groups.
  3. Select the custom user group you want to edit, then click the Edit icon.
    Alternatively, click the Ellipsis (...) icon and select Edit.
  4. Click Details, then make changes to the user group name, role, or resource groups.
    Note: When modifying resource groups in a user group, users who had access to a resource during a given time frame can still see that resource in the Lacework Console for the time frame in which they had access, even if that access is later removed.

  5. Click Save to save the changes to this custom user group.
  6. Click Users, then add or remove users from this user group. For more details, see Manage Users in User Groups.

Delete Custom User Groups

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > User groups.
  3. Select the custom user group you want to delete, then click the Delete icon.
    Alternatively, click the Ellipsis (...) icon and select Delete.
  4. Confirm the deletion.

Manage Users in User Groups

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > User groups.
  3. Select the user group you want to access, then click Users to see all users in this group.
    Alternatively, click the Ellipsis (...) icon and select Manage users.
    Click In this account to see all users of this account.
    Click Organization user to see all users of this user group who are also organization users.
  4. Click Add more users to add users to this user group. Use the search function to quickly find the user you want to add, then select the checkboxes next to each user.
    Click Save to add the selected users to this user group.

    To remove users from a user group, select the checkboxes next to those users, then click Remove.
Note: For user groups that currently have no users, click Add users to assign existing standard users to this user group.

Users

Create Standard Users for an Account

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click + Add New.
  4. Select the user type for the new user as Standard user.
  5. Enter the user's name, email and company, then click Next.
    You can create multiple users who have the same user type and user group by clicking + Add another user.
  6. Select the user group for the new user such as Account admin, Account power user, or Account read-only user. Click View permission to see the privileges of each user group, or see Account Roles.
  7. Click Save to complete the user creation.

Create Service Users for an Account

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click + Add New.
  4. Select the user type for the new user as Service user.
  5. Enter the user's name and description, then click Next.
    You can create multiple users who have the same user type and user group by clicking + Add another user.
  6. Select the user group for the new user such as Account admin, Account power user, or Account read-only user. Click View permission to see the privileges of each user group, or see Account Roles.
  7. Click Save to complete the user creation.

Edit Standard Users of an Account

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Select the user you want to edit, then click the Edit icon.
    Alternatively, click the Ellipsis (...) icon and select Edit.
  4. Make changes to the user's name, or assign the user to a different user group. See Account Roles.
  5. Click Save to save the changes to this user.

Edit Service Users of an Account

  1. Log in to the Lacework Console as a Lacework user with account administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Select the service user you want to edit, then click the Edit icon.
    Alternatively, click the Ellipsis (...) icon and select Edit.
  4. Make changes to the service user's name.
  5. Click Save to save the changes to this service user.