Team Members
You can grant team members access to multiple Lacework accounts and different roles for each account. Team members can also have organization-level roles.
Create Team Members for an Account
- Select a role for the member.
- Enter the member's name, email, and company.
- Click Save.
The new member appears in the table.
Account Roles
Lacework supports the following account roles: user and administrator. The following tables display privilege differences between users and administrators.
Application Settings
Lacework Functionality | User | Administrator |
---|---|---|
Settings > Notifications > Alert channels | View only | Full access |
Settings > Notifications > Alert rules | View only | Full access |
Settings > Integrations > Cloud accounts | View only | Full access |
Settings > Integrations > Container registries | View only | Full access |
Settings > Configuration > Resource groups | View only | Full access |
Settings > Configuration > API keys | No access | Full access |
Settings > Configuration > Agents | View only | Full access |
Settings > Configuration > Report rules | View only | Full access |
Settings > Configuration > Data export rules | View only | Full access |
Settings > Configuration > General | View only | Full access |
Settings > Usage | Only view functionality is available | Only view functionality is available |
Settings > Usage > Audit Logs | View only | Full access |
Settings > Usage > Team members | View only your profile | Full access |
Settings > Authentication | View only | Full access |
AWS, Azure, and GCP Compliance Recommendations
Lacework Functionality | User | Administrator |
---|---|---|
Select a recommendation with a violation and then select the option to suppress this recommendation for a single resource or for all resources. Remove the suppression after it has been added. For more information, see Suppression in AWS Compliance Reports - Using Suppression. | No access | Full access |
Disable a compliance recommendation entirely by turning it off. Enable a compliance recommendation after it has been turned off. For more information, see Advanced Suppression in AWS Compliance Reports - Using Suppression. | No access | Full access |
Create Team Members for an Organization
- Select a role for the member.
- Enter the member's name, email, and company.
- Determine whether the member is an organization administrator.
If the member is an organization admin, the member has admin privileges for organization settings and admin privileges for all accounts within the organization. Skip to the last step.
- Determine whether the member is an organization user.
If the member is an organization user, the member has user privileges for organization settings and user privileges for all accounts within the organization. You can still grant the account administrator role for specific accounts.
If the member is not an organization user, the user cannot access organization settings and does not have any privileges for accounts except what you specifically grant in the two following fields.
- Select accounts where the member is an account administrator.
- Select accounts where the member is an account user.
- Click Save.
The new member appears in the table.
Organization Roles
Lacework supports the following organization roles: user and administrator.
Members with the organization user role have view only privileges to all organization-level settings. They also have user role access to all underlying accounts within the organization.
Members with the organization administrator role have full access to all organization-level settings. They also have administrator role access to all underlying accounts within the organization.
Create Team Members Using Terraform
For organizations using Terraform to manage their environments, Lacework maintains the Terraform provider for Lacework, which enables configuration of Lacework team members using automation.
If you are new to the Lacework Terraform provider or the Lacework Terraform modules, read the Terraform for Lacework Overview to learn the basics of configuring the provider.
resource "lacework_team_member" "example" {
  # Team member for an account (no organization block)
  email      = "email@lacework.com"
  first_name = "Foo"
  last_name  = "Bar"
  company    = "Lacework"
}

resource "lacework_team_member" "example" {
  # Team member with the organization administrator role
  email      = "email@lacework.com"
  first_name = "Foo"
  last_name  = "Bar"
  company    = "Lacework"

  organization {
    administrator = true
  }
}
Additional information on the lacework_team_member resource can be found on the Terraform Registry.
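The organization steps above also cover a member who is neither organization administrator nor organization user and receives roles per account only. The following is an added example of that scoped case, not taken from the original page or from Lacework; the resource name, member details and account names are constructed placeholders, and the `user`, `admin_accounts` and `user_accounts` arguments of the `organization` block should be confirmed against the provider documentation on the Terraform Registry.

```hcl
# Added example: organization-level member with per-account roles only.
# Member details and account names are constructed placeholders.
resource "lacework_team_member" "scoped_example" {
  email      = "analyst@example.com"
  first_name = "Sam"
  last_name  = "Analyst"
  company    = "Example Corp"

  organization {
    # Neither organization role: no access to organization settings and
    # no account privileges beyond the two lists below.
    administrator = false
    user          = false

    # Administrator role only on accounts where the member must change settings.
    admin_accounts = ["DEV-ACCOUNT"]

    # User role elsewhere: view only for most settings, no access to API keys.
    user_accounts = ["PROD-ACCOUNT"]
  }
}
```

Keeping these grants in version control makes each administrator assignment visible in `terraform plan` output before it is applied.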