In Aqua CSPM, user permissions are set up in layers. Account Administrators can configure all your cloud accounts and handle user and group administration. Additionally, Group Administrators can manage the cloud accounts they are assigned to.



Users and Groups

You can invite additional users to your Aqua CSPM account and create groups to manage them.  

User Types

  1. Standard: These users have read-only access to the cloud accounts that are in the group(s) they belong to.
  2. Group Administrators: These users can manage the group they belong to, including the cloud accounts assigned to them. They can add/remove Group Members, trigger scans, and manage cloud account details.
  3. Account Administrators: These users can manage the Aqua CSPM account and have exclusive access to Org Wide Reports. Read more about Reports.


Group Membership

  1. Non-Member: These users do not have any access to the cloud accounts associated with the group.
  2. Group Member: These users have read-only access to the cloud accounts in the group(s) they belong to, with no visibility into other cloud accounts. They can view other users unless the "Users Admin Only" setting is activated in Settings > Security.
  3. Group Admin: These users can manage the group they belong to, including the cloud accounts in it.

Security Settings

The Account Management > Settings > Security screen allows Account Administrators to configure advanced security settings.

  1. Global Suppressions for Admins Only: Only account admins can manage global suppressions. When checked, standard users will not be able to create suppressions that apply to all accounts.
  2. All Suppressions for Admins Only: Only account admins can manage suppressions. When checked, standard users will not be able to create or delete any suppressions.
  3. Users Admin Only: Only account admins can view and manage users. When checked, standard users will not be able to view or manage user accounts.
  4. Integrations Admin Only: Only account admins can view and manage integrations and alerts. When checked, standard users will not be able to view or manage integrations and alerts.
  5. Disable Default Emails: Controls whether system emails are set to "do not send" when new users are added to the account.
  6. Disable Default Group: Disabling the Default group, of which all users are members, prevents cloud accounts from being added to it.


Administration features can be restricted on the Security Settings screen, where Suppressions, User, and Integrations administration can each be limited to Admins Only.