Permission Sets
TABLE OF CONTENTS
Introduction and definitions
The Permission Sets UI screen allows you to define and manage permission sets.
A permission set consists of an access selector and a detailed set of permissions.
Access selector
The access selector defines whether the permission set includes access to functionality in:
- Both the UI and the API
- Only the API
Permissions
Permissions are granted to individual items arranged in these categories: Policies, Assets, Compliance, and System. Each item is assigned any of these permissions:
- Edit: Generally includes the viewing, listing, creation, modification, and deletion of the item in question (either in the UI or via relevant APIs). The meaning of "Edit" is slightly different in some cases, and "Edit" does not apply to every item.
- View Only: Includes viewing only of the item in question
- Not Set: No permissions; the item will not even appear in the UI (default)
Policies
| Item | Edit | View Only |
|---|---|---|
| Assurance Policies | Create, modify, and delete Assurance Policies (e.g., Image Assurance Policies) | View existing Assurance Policies |
| Image Profiles | Create, modify, and delete Image Profiles | View existing Image Profiles |
| Firewall Policies | Create, modify, and delete Firewall Policies | View existing Firewall Policies |
| Runtime Policies | Create, modify, and delete Runtime Policies (e.g., Container Runtime Policies) | View existing Runtime Policies |
| Response Policies | Create, modify, and delete Response Policies | View existing Response Policies |
Assets
| Item | Edit | View Only |
|---|---|---|
| Dashboard | Configure the dashboard | View the dashboard |
| Risk Explorer | N/A | View the Risk Explorer |
| Images | Add (register) images to Aqua; remove images; profile containers | View images already registered to Aqua |
| Host images | Add (register) host images to Aqua; remove host images | View unregistered host images in the Images screen (Host Images tab); view host images under Compliance / Host Images |
| Functions | Add (register) functions to Aqua | View functions |
| Enforcers | Add, modify, and remove Enforcer groups and Enforcers | View existing Enforcer groups and Enforcers |
| Containers | N/A | View containers and running workloads |
| Services | Add, modify, and remove Aqua services | View existing Aqua services |
| Infrastructure | View Infrastructure and run discovery of clusters and hosts | View Infrastructure (clusters and hosts) |
Compliance
| Item | Edit | View Only |
|---|---|---|
| Vulnerabilities | View and acknowledge vulnerabilities discovered during scanning | View vulnerabilities discovered during scanning |
| CIS and DISA STIG Benchmarks | View and trigger CIS benchmark and DISA STIG benchmark scans | View CIS and DISA STIG benchmark scans in the UI |
System
| Item | Edit | View Only |
|---|---|---|
| Audit Events | N/A | View audit events |
| Secrets | Create, modify, and delete secrets | View existing secrets |
| Settings | View and modify settings | View the Settings UI screen |
| Integrations | View and modify Integrations (with exception of image registry integrations) | View the Administration > Integrations UI screen |
| Image Registry Integrations | View and modify image registry integrations | View the Administration > Integrations UI screen |
| Scanner CLI | N/A | The permissions required by the Aqua Scanner on the Aqua Server |
| Webhook authorization API | N/A | Permission to use the Webhook authorization API |
| Incidents | N/A | View the Incidents UI screen |
Operations
Add a permission set
1. In the Aqua UI: Navigate to Account Management > User Management > Permission Sets, and click Add Permission Set.
2. Enter a Name and (optionally) a Description of the permission set.
3. Access selector: Select either UI & API or API Only (see above).
4. Expand each of the categories (Policies, etc.) and select the desired permissions. You can click "Reset to default" to set all permissions to "Not Set".
5. Click Save to save the permission set.
Modify a permission set
You can change all parts of a permission set except for its name.
1. In the Aqua UI: Navigate to Account Management > User Management > Permission Sets.
2. Click the name of the permission set you would like to modify.
3. Modify the description and/or individual permissions, in the same manner as when you created the permission set.
4. Click Save to save the permission set.
Delete permission set(s)
You can delete permission set(s) that are not assigned to any roles.
1. In the Aqua UI: Navigate to Account Management > User Management > Permission Sets.
2. Check the box next to the permission set(s) to be deleted, and then click the trashcan icon.
3. In the warning window, click Delete to confirm the action.
Did you find it helpful? Yes No
Send feedback