Introduction and definitions

The Permission Sets UI screen allows you to define and manage permission sets.

 

A permission set consists of an access selector and a detailed set of permissions.


Access selector

The access selector defines whether the permission set includes access to functionality in:

  • Both the UI and the API
  • Only the API


Permissions


Permissions are granted to individual items arranged in these categories: Policies, Assets, Compliance, and System. Each item is assigned one of these permissions:

  • Edit: Generally includes the viewing, listing, creation, modification, and deletion of the item in question (either in the UI or via relevant APIs). The meaning of "Edit" is slightly different in some cases, and "Edit" does not apply to every item.
  • View Only: Includes only viewing the item in question
  • Not Set: No permissions; the item will not even appear in the UI (default)


Policies 


| Item | Edit | View Only |
|---|---|---|
| Assurance Policies | Create, modify, and delete Assurance Policies (e.g., Image Assurance Policies) | View existing Assurance Policies |
| Image Profiles | Create, modify, and delete Image Profiles | View existing Image Profiles |
| Firewall Policies | Create, modify, and delete Firewall Policies | View existing Firewall Policies |
| Runtime Policies | Create, modify, and delete Runtime Policies (e.g., Container Runtime Policies) | View existing Runtime Policies |
| Response Policies | Create, modify, and delete Response Policies | View existing Response Policies |


Assets


| Item | Edit | View Only |
|---|---|---|
| Dashboard | Configure the dashboard | View the dashboard |
| Risk Explorer | N/A | View the Risk Explorer |
| Images | Add (register) images to Aqua; remove images; profile containers | View images already registered to Aqua |
| Host images | Add (register) host images to Aqua; remove host images | View unregistered host images in the Images screen (Host Images tab); view host images under Compliance / Host Images |
| Functions | Add (register) functions to Aqua | View functions |
| Enforcers | Add, modify, and remove Enforcer groups and Enforcers | View existing Enforcer groups and Enforcers |
| Containers | N/A | View containers and running workloads |
| Services | Add, modify, and remove Aqua services | View existing Aqua services |
| Infrastructure | View Infrastructure and run discovery of clusters and hosts | View Infrastructure (clusters and hosts) |


Compliance


| Item | Edit | View Only |
|---|---|---|
| Vulnerabilities | View and acknowledge vulnerabilities discovered during scanning | View vulnerabilities discovered during scanning |
| CIS and DISA STIG Benchmarks | View and trigger CIS benchmark and DISA STIG benchmark scans | View CIS and DISA STIG benchmark scans in the UI |


System


| Item | Edit | View Only |
|---|---|---|
| Audit Events | N/A | View audit events |
| Secrets | Create, modify, and delete secrets | View existing secrets |
| Settings | View and modify settings | View the Settings UI screen |
| Integrations | View and modify Integrations (with exception of image registry integrations) | View the Administration > Integrations UI screen |
| Image Registry Integrations | View and modify image registry integrations | View the Administration > Integrations UI screen |
| Scanner CLI | N/A | The permissions required by the Aqua Scanner on the Aqua Server |
| Webhook authorization API | N/A | Permission to use the Webhook authorization API |
| Incidents | N/A | View the Incidents UI screen |
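
The permission tables above, turned into a review check (an added example, not Aqua code): it validates a draft permission set against the Edit / View Only columns, fills unlisted items with the default "Not Set", and lists the Edit grants for a least-privilege review. The dict layout and the draft's name are assumptions; only the item names and N/A cells come from this page.

```python
# Item names and N/A cells are copied from the tables on this page.
# The dict layout of a permission set is an assumption, not Aqua's API schema.
EDITABLE = {
    "Policies": ["Assurance Policies", "Image Profiles", "Firewall Policies",
                 "Runtime Policies", "Response Policies"],
    "Assets": ["Dashboard", "Images", "Host images", "Functions", "Enforcers",
               "Services", "Infrastructure"],
    "Compliance": ["Vulnerabilities", "CIS and DISA STIG Benchmarks"],
    "System": ["Secrets", "Settings", "Integrations",
               "Image Registry Integrations"],
}
NO_EDIT = {  # the Edit column is N/A for these items
    "Assets": ["Risk Explorer", "Containers"],
    "System": ["Audit Events", "Scanner CLI", "Webhook authorization API",
               "Incidents"],
}
ACCESS = ("UI & API", "API Only")
LEVELS = ("Edit", "View Only", "Not Set")

def review(pset):
    """Return (grants, errors): every item's level, plus rule violations."""
    can_edit = {(c, i): True for c, items in EDITABLE.items() for i in items}
    can_edit.update({(c, i): False for c, items in NO_EDIT.items() for i in items})
    errors = []
    if pset.get("access") not in ACCESS:
        errors.append("access selector must be 'UI & API' or 'API Only'")
    grants = dict.fromkeys(can_edit, "Not Set")  # default for unlisted items
    for cat, items in pset.get("permissions", {}).items():
        for item, level in items.items():
            key = (cat, item)
            if key not in can_edit:
                errors.append(f"unknown item: {cat} / {item}")
            elif level not in LEVELS:
                errors.append(f"unknown permission '{level}': {cat} / {item}")
            elif level == "Edit" and not can_edit[key]:
                errors.append(f"Edit is N/A: {cat} / {item}")
            else:
                grants[key] = level
    return grants, errors

def edit_grants(grants):
    """Items with write access, for the reviewer to justify one by one."""
    return sorted(f"{c} / {i}" for (c, i), lvl in grants.items() if lvl == "Edit")

# Constructed draft (hypothetical name) with one deliberate mistake.
DRAFT = {"name": "ci-scanner", "access": "API Only", "permissions": {
    "System": {"Scanner CLI": "View Only"},
    "Assets": {"Images": "Edit", "Containers": "Edit"}}}

if __name__ == "__main__":
    grants, errors = review(DRAFT)
    print("errors:", errors)
    print("edit grants:", edit_grants(grants))
```
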


Operations


Add a permission set


1. In the Aqua UI: Navigate to Account Management > User Management > Permission Sets, and click Add Permission Set.

2. Enter a Name and (optionally) a Description of the permission set.

3. Access selector: Select either UI & API or API Only (see above).

4. Expand each of the categories (Policies, etc.) and select the desired permissions. You can click "Reset to default" to set all permissions to "Not Set". 

5. Click Save to save the permission set.


A permission set might look like this; only the Assets category has been expanded:



Modify a permission set


You can change all parts of a permission set except for its name.


1. In the Aqua UI: Navigate to Account Management > User Management > Permission Sets.

2. Click the name of the permission set you would like to modify.

3. Modify the description and/or individual permissions, in the same manner as when you created the permission set.

4. Click Save to save the permission set.


Delete permission set(s)


You can delete permission set(s) that are not assigned to any roles.


1. In the Aqua UI: Navigate to Account Management > User Management > Permission Sets.

2. Check the box next to the permission set(s) to be deleted, and then click the trashcan icon.

3. In the warning window, click Delete to confirm the action.