TABLE OF CONTENTS


Introduction

In Aqua, the administration is set up in layers. System Administrators have access to configure all your accounts as well as user and group administration. Group Administrators can only manage the group they are assigned to along with all the cloud accounts in that group.


Admin types

  1. Group Administrators: These users can manage the group they belong to including the cloud accounts assigned to them. They can add/remove group members (from all existing users in the account), trigger scans, and manage cloud account details.
  2. System Administrators: These users can add and remove users, manage groups, define and manage roles, permission sets, application scopes, and SSO group mappings.

Security settings

The Account Management > Settings > Security screen allows the system administrators to configure advanced security settings.

  1. Global Suppressions for Admins Only: Only system admins can manage global suppressions. When checked, standard users will not be able to create suppressions that apply to all accounts.
  2. All Suppressions for Admins Only: Only system admins can manage suppressions. When checked, standard users will not be able to create or delete any suppressions.
  3. Users Admin Only: Only system admins can view and manage users. When checked, standard users will not be able to view or manage user accounts.
  4. Integrations Admin Only: Only system admins can view and manage integrations and alerts. When checked, standard users will not be able to view or manage integrations and alerts.
  5. Disable Default Emails: When new users are added to the account, should system emails be set to "do not send"?
  6. Disable Default Group: Disabling the default group prevents cloud accounts from being added to this group, to which all users are a member.


Administration features can be limited using the Security Settings screen where Suppressions, User and Integrations Administration can be limited to Admins Only.