Recently I was asked by a someone if they could lock down the Lacework UI because they wanted their finance department to only see the licensing used page, so they could match the subscription to vCPU and their license usage. The answer is YES. You have granular control over the visibility of what a particular user can potentially access within the platform.
- The basic steps are, create a role that has only “read access to whatever you want them to access. (Login to lacework
- Login to Lacework
- Click on the settings menu at the bottom left
- In the “Access Control” section, click on “Roles”
- Click on “+Add New”
- Type in the Name of your choice
- Select the Pages and level of access required for the role
- Click Create
- Create a user group and put that “role” in that group
- Navigate to Settings → User Groups in the “Access Control” Menu group
- Click on “+Add New”
- Type in the Name of your choice
- Select the role from the dropdown menu
- Click the Next Button
- Select the users to be assigned to the new User group (place checkbox next to their user name - if the user does not exist, you can make no selection and just click the save button).
- Click the Save button
- Create or edit the user details so that they are associated with that user group with the limited role permissions.
- Navigate to Settings → Users menu at the bottom left
- Click the “+Add New” or select the three dot menu next to the user and Select Edit then go to step 5
- Type in User name, company, and email
- Choose the user type (in this case standard user)
- Select the user group to be added
- Click save
Agent
N/A
Platform
Using Lacework/Operationalizing
Cloud
N/A