Skip to main content

Access Control at Organization Level

Create Organization Administrators for an Organization

  1. Log in to the Lacework Console as a Lacework user with organization administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click + Add New.
  4. Select the user type for the new user as Standard user.
  5. Enter the user's name, email and company.
    You can create multiple users who have the same user type and the same organization-level access by clicking + Add another user.
  6. Click Next.
  7. To make the new user an organization administrator, select Yes to the Will these users be an Organization admin prompt.
    Organization admins are automatically granted the Admin account role for all Lacework accounts within your organization.
note

When you promote an account user to become an organization admin, the promotion will override the user's existing roles at the account level.

  1. Click Save to complete the organization admin creation.

Create Organization Users

  1. Log in to the Lacework Console as a Lacework user with organization administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click + Add New.
  4. Select the user type for the new user as Standard user.
  5. Enter the user's name, email and company.
    You can create multiple users who have the same user type and the same organization-level access by clicking + Add another user.
  6. Click Next.
  7. To make the new user an organization user, select No to the Will these users be an Organization admin prompt.
    Select Yes to the Will these users be an Organization user prompt.
    Organization users are automatically granted the Read-Only role for all Lacework accounts within your organization.

    Select which Lacework accounts the new user will be an account admin.
    note

    When you promote an account user to become an organization user, the promotion will override the user's existing roles at the account level.

  8. Click Save to complete the organization user creation.

Edit Organization Users

  1. Log in to the Lacework Console as a Lacework user with organization administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Select the organization user you want to edit, then click the Edit (pencil-edit-icon.png) icon.
    Alternatively, click the Ellipsis (...) icon and select Edit.
  4. To make the user an organization administrator, select Yes to the Will these users be an Organization admin prompt.
    Organization admins are automatically granted the Admin account role for all Lacework accounts within your organization.

    To make the user an organization user, select No to the Will these users be an Organization admin prompt.
    Select Yes to the Will these users be an Organization user prompt.
    Organization users are automatically granted the Read-Only role for all Lacework accounts within your organization.
    Select which Lacework accounts the new user will be an account admin.

  5. Click Save to save the changes to this organization user.

Create Standard Users for an Account

  1. Log in to the Lacework Console as a Lacework user with organization administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click + Add New.
  4. Select the user type for the new user as Standard user.
  5. Enter the user's name, email and company.
    You can create multiple users who have the same user type and the same organization-level access by clicking + Add another user.
  6. Click Next.
  7. Select No to the Will these users be an Organization admin prompt.
    Select No to the Will these users be an Organization user prompt.
  8. Select which Lacework accounts the new user will be an account admin.
    Select which Lacework accounts the new user will be an account user.
  9. Click Save to complete the account user creation.

Create Service Users for an Account

  1. Log in to the Lacework Console as a Lacework user with organization administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click + Add New.
  4. Select the user type for the new user as Service user.
  5. Enter the user's name and descripiton, then click Next.
    You can create multiple users who have the same user type and user group by clicking + Add another user.
  6. Click Next.
  7. Select the user group for the new user such as Account admin, Power user, or Account user. Click View permission to see the privileges of each user group, or see Account Roles.
  8. Click Save to complete the service user creation.

Removing an Organization Administrator

Deleting an organization administrator from your organization is necessary to maintain proper security on the Lacework platform. For example, if a person leaves the organization, keeping their account active is risky from a security perspective. Keeping an organization administrator account open for a person no longer active with your organization is even riskier.

Deleting a user who is an organization administrator is a two-step procedure. You must first reassign that user to be an organization user. Then, you can remove that team member from the organization.

Reassign an Organization Administrator to be an Organization User

  1. Log in to the Lacework Console as a Lacework user with organization administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click the Search icon and type the name of the user you want to delete.
  4. Click the Ellipsis (...) icon and select Edit.
  5. From the Org level access drop-down, select Org user.
  6. Click Save. The user is now an organization user.

Delete an Organization User from the Organization

  1. Log in to the Lacework Console as a Lacework user with organization administrative privileges.
  2. Go to Settings > Access control > Users.
  3. Click the Search icon and type the name of the user you want to delete.
  4. Click the Ellipsis icon (...) and select Delete.
  5. Confirm the deletion. See View Users Page.