Access Control at Account Level
Custom Roles
Create Custom Roles
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > Roles.
- Click + Add New.
- Name the role.
- Select the permissions you want to include in the role.
- Click Create.
note
Each account can have up to 15 custom roles.
Edit Custom Roles
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > Roles.
- Select the custom role you want to edit, then click the Edit () icon.
Alternatively, click the Ellipsis (...) icon and select Edit. - Make changes to the role name or permissions.
- Click Save to save the changes to this custom role.
Add Custom Roles to Custom User Groups
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > User group.
- Select the custom user group you want to add the custom role to then click the Edit () icon.
Alternatively, click the Ellipsis (...) icon and select Edit. - From the Role dropdown menu, select the custom role.
- Click Save.
note
A custom user group can have multiple custom roles added to it.
Custom User Groups
Manage Users in User Groups
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > User groups.
- Select the user group you want to access, then click Users to see all users in this group.
Alternatively, click the Ellipsis (...) icon and select Manage users.
Click In this account to see all users of this account.
Click Organization user to see all users of this user group who are also organization users. - Click Add more users to add users to this user group. Use the search function to quickly find the user you want to add, then select the checkboxes next to each user.
Click Save to add the selected users to this user group.
To remove users from a user group, select the checkboxes next to those users, then click Remove.
note
For user groups that currently have no users, click Add users to assign existing standard users to this user group.
Create Custom User Groups
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > User groups.
- Click + Add New.
- Name the user group.
- From the Role dropdown menu, select the role you want to add to this user group.
- Click Next.
- Add users to the new user group. See Manage Users in User Groups.
- Click Save.
Edit Custom User Groups
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > User groups.
- Select the custom user group you want to edit, then click the Edit () icon.
Alternatively, click the Ellipsis (...) icon and select Edit. - Click Details, then make changes to the user group name or role.
- Click Save to save the changes to this custom user group.
- Click Users, then add or remove users from this user group. For more details, see Manage Users in User Groups.
Delete Custom User Groups
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > User groups.
- Select the custom user group you want to edit, then click the Delete () icon.
Alternatively, click the Ellipsis (...) icon and select Delete. - Confirm the deletion.
Users
Create Standard Users for an Account
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > Users.
- Click + Add New.
- Select the user type for the new user as Standard user.
- Enter the user's name, email and company, then click Next.
You can create multiple users who have the same user type and user group by clicking + Add another user. - Select the user group for the new user such as Account admin, Account power user, or Account read-only user. Click View permission to see the privileges of each user group, or see Account Roles.
- Click Save to complete the user creation.
Create Service Users for an Account
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > Users.
- Click + Add New.
- Select the user type for the new user as Service user.
- Enter the user's name and descripiton, then click Next.
You can create multiple users who have the same user type and user group by clicking + Add another user. - Select the user group for the new user such as Account admin, Account power user, or Account read-only user. Click View permission to see the privileges of each user group, or see Account Roles.
- Click Save to complete the user creation.
Edit Standard Users of an Account
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > Users.
- Select the user you want to edit, then click the Edit () icon.
Alternatively, click the Ellipsis (...) icon and select Edit. - Make changes to the user's name, or assign the user to a different user group. See Account Roles.
- Click Save to save the changes to this user.
Edit Service Users of an Account
- Log in to the Lacework Console as a Lacework user with account administrative privileges.
- Go to Settings > Access control > Users.
- Select the service user you want to edit, then click the Edit() icon.
Alternatively, click the Ellipsis (...) icon and select Edit. - Make changes to the service user's name.
- Click Save to save the changes to this service user.