Permissions Entitlements

Managing InsightCloudSec Entitlements


Group Entitlement Support - Important Information

Beginning with 21.2.3 InsightCloudSec has deprecated support of user-level entitlements in favor of group-level entitlements.

If you are upgrading from versions prior to 21.1, we strongly recommend that you invest the time to create your desired group architecture for entitlements ahead of any planned upgrades to ensure continued access and visibility for your entitlements users.

For questions or concerns reach out to us through the Customer Support Portal.

Entitlement Behavior

--> Conflicting entitlements - If a user is part of multiple groups and entitlements are applied to both groups, the user will receive the most permissive entitlements. For example, if one group gives the user “viewer” entitlement and another provides the user “editor” entitlement, the user will ultimately gain the "editor" entitlement. 

--> Auditing Users - For customers looking to audit their user configurations, we recommend taking advantage of the export feature. Navigate to "Identity Management --> Users" and then click the "Download" button. Use the CSV data to review possible duplicate users and associated entitlements prior to creating your new group structure.

Entitlements, through Basic User Groups, give domain users control over basic users' and organization admins' permissions to access certain parts of the InsightCloudSec platform. As of 21.2.3 these are all managed at a group level through Basic User Groups.

Access to these entitlements are available to administrators through "Administration --> Identity Management" on the "Basic User Groups" tab, as shown in the example below.

Managing EntitlementsManaging Entitlements

Managing Entitlements

Supported Entitlements

Entitlements are currently supported for the following InsightCloudSec platform features:

  • BotFactory
  • Data Collections
  • Scheduled Events
  • Exemptions
  • Resource Groups
  • Infrastructure as Code
  • Insights
  • Tag Explorer
  • Access Explorer (available to customers who have purchased this add-on feature)

The available access entitlements are:

  • Disabled: Disabled completely restricts access to the specified area of the tool. The disabled section (e.g., BotFactory) will not even appear in the navigation menu for this basic user.
  • Viewer: A "viewer" will be able to see and navigate to the specified section of the tool but will not be able to edit or delete anything.
  • Editor: An "editor" will be able to see and edit. Users will also be able to perform certain actions such as start, stop, pause, enable, etc. Editors do not have permission to delete.
  • Admin: With "admin" entitlements users will be able to see the entire section of the tool, as well as edit, and perform delete actions.

Entitlements are mix-and-match, e.g., a Basic User Role or Basic User Group might have "disabled" for BotFactory, but have "editor" entitlement for Tag Explorer. By default, all basic user roles will be given "Viewer" entitlement.

For more information on what the different types of entitlements can do (or not do), review the User Entitlements Matrix.

Editing Group EntitlementsEditing Group Entitlements

Editing Group Entitlements

Configuring Entitlements

1. Navigate to "Administration --> Identity Management" and then select the "Basic User Groups" tab.

2. Select the Basic User Group in which you would like to modify entitlements and select the Actions menu to the left of the name.

Manage Group EntitlementsManage Group Entitlements

Manage Group Entitlements

3. Administrators have several options for managing users/roles/entitlements:

  • Select "Manage Basic Users" to add or remove users from the selected Basic User Group.

    • Individual users are visible under "Administration --> Identity Management --> Users".
  • Select "Manage Basic User Roles" to select from & apply Basic User Roles to your Basic User Group.

    • Note these roles are managed under "Administration --> Identity Management --> Basic User Roles" and apply to cloud accounts and their respective access.
  • Select "Manage Basic User Entitlements" to open the dialog that allows you to select the individual permissions for each feature available for entitlements in the InsightCloudSec platform.

4. Select the Roles you wish to apply to the individual areas of entitlements, and/or select the individual entitlements you want to apply to the Basic User Group. Once you have made the desired changes, click "Submit".

  • These changes will be applied to all users who are members of this group.

Did this page help you?