Skip to main content

Team Members

You can grant team members access to multiple Lacework accounts and different roles for each account. Team members can also have organization-level roles.

Create Team Members for an Account

  1. Select a role for the member.
  2. Enter the member's name, email, and company.
  3. Click Save.

The new member appears in the table.

Account Roles

Lacework supports the following account roles: user and administrator. The following tables display privilege differences between users and administrators.

Application Settings

Lacework FunctionalityUserAdministrator
Settings > Notifications > Alert channelsView onlyFull access
Settings > Notifications > Alert rulesView onlyFull access
Settings > Integrations > Cloud accountsView onlyFull access
Settings > Integrations > Container registriesView onlyFull access
Settings > Configuration > Resource groupsView onlyFull access
Settings > Configuration > API keysNo accessFull access
Settings > Configuration > AgentsView onlyFull access
Settings > Configuration > Report rulesView onlyFull access
Settings > Configuration > Data export rulesView onlyFull access
Settings > Configuration > GeneralView onlyFull access
Settings > UsageOnly view functionality is availableOnly view functionality is available
Settings > Usage > Audit LogsView onlyFull access
Settings > Usage > Team membersView only your profileFull access
Settings > AuthenticationView onlyFull access

AWS, Azure, and GCP Compliance Recommendations

Lacework FunctionalityUserAdministrator
Select a recommendation with a violation and then select the option to suppress this recommendation for a single resource or for all resources. Remove the suppression after it has been added. For more information, see Suppression in AWS Compliance Reports - Using Suppression.No accessFull access
Disable a compliance recommendation entirely by turning it off. Enable a compliance recommendation after it has been turned off. For more information, see Advanced Suppression in AWS Compliance Reports - Using Suppression.No accessFull access

Create Team Members for an Organization

  1. Select a role for the member.
  2. Enter the member's name, email, and company.
  3. Determine whether the member is an organization administrator.
    If the member is an organization admin, the member has admin privileges for organization settings and admin privileges for all accounts within the organization. Skip to the last step.
  4. Determine whether the member is an organization user. If the member is an organization user, the member has user privileges for organization settings and user privileges for all accounts within the organization. You can still grant the account administrator role for specific accounts.
    If the member is not an organization user, the user cannot access organization settings and does not have any privileges for accounts except what you specifically grant in the two following fields.
  5. Select accounts where the member is an account administrator.
  6. Select accounts where the member is an account user.
  7. Click Save.

The new member appears in the table.

Organization Roles

Lacework supports the following organization roles: user and administrator.

Members with the organization user role have view only privileges to all organization-level settings. They also have user role access to all underlying accounts within the organization.

Members with the organization administrator role have full access to all organization-level settings. They also have administrator role access to all underlying accounts within the organization.

Create Team Members Using Terraform

For organizations using Terraform to manage their environments, Lacework maintains the Terraform provider for Lacework, which enables configuration of Lacework team members using automation.

If you are new to the Lacework Terraform Provider, or Lacework Terraform Modules, read the Terraform for Lacework Overview to learn the basics on how to configure the provider, and more.

Configure a Team Member in Lacework
resource "lacework_team_member" "example" {
email = "email@lacework.com
first_name = "Foo"
last_name = "Bar"
company = "Lacework"
}
Configure an Organizational Account Team Member in Lacework
resource "lacework_team_member" "example" {
email = "email@lacework.com
first_name = "Foo"
last_name = "Bar"
company = "Lacework"
organization {
administrator = true
}
}

Additional information on the lacework_team_member resource can be found on the Terraform Registry.