Skip to main content

Access Control at Account Level

Explore roles, user groups, permissions, and access control options at an account level. For more details, see Access Control Overview.

View Roles Page

Go to Settings > Access control > Roles to display the account roles. You can view the role name, user group, and last updated on this page. The Last updated column displays the timestamp when the role was last modified. If no one has modified it before, the Last updated column displays hyphens (--) instead of a timestamp.

Click on each role to display detailed privileges to which the role has access.

Actions for the role list include the following:

  • Refresh data.
  • Download the role list as a CSV file.
  • Select which columns to display in the list.
  • Search for specific roles.

Custom Roles

Lacework uses custom user groups in conjunction with roles to allow you to assign a set of permissions that meet your organization's specific requirements. Just like built-in roles, you can assign custom roles to user groups. For more details, see Create Custom Roles.

View User Groups Page

Go to Settings > Access control > User groups to display all account user groups. You can view the user group name, associated role, and the number of users in each group.

Click on each user group to display the list of users with this role within this Lacework account. From the list, you can view the name, type, and email/unique ID.

Actions for the user group list include the following:

  • Refresh data.
  • Download the user group list as a CSV file.
  • Select which columns to display in the list.
  • Search for specific user groups.

Custom User Groups

Custom user groups allow you to fully customize a set of permissions that meet the specific requirements of your organization. Just like built-in user groups, you can assign roles and users to custom user groups. For more details, see Create Custom User Groups.

View Users Page

Go to Settings > Access control > Users to display all users within this Lacework account. You can view the name, type, email/unique ID, last login, and status on this page. The Last login column displays the updated timestamp when you log in. If you have not logged in before, the Last login column displays hyphens (--) instead of a timestamp.

Click on each user to display details of the user. For Standard users, the user details include name, type, email address, company, user group, and the last activity time. For Service users, the user details include name, type, unique ID, description, user group, last activity time, and API keys.

Use controls to add, enable, or disable individual users. To edit or delete a user, click the Ellipsis(...) icon and select Edit or Delete.

note

You cannot edit a user's email address, company, or unique ID.

Actions for the user list include the following:

  • Refresh data.
  • Download the user list as a CSV file.
  • Select which columns to display in the list.
  • Filter by the user type or user group.
  • Search for specific users.

Add Users

Click + Add new to add a user. For detailed information about adding team members, see Account Users.