Cloud Services

Compliance and Security Operations

Users and roles management
Published On Jun 04, 2024 - 8:45 AM

Users and roles management

Add and manage users to the Compliance and Security Operations service and assign the appropriate roles.
The
Platform Administrator
 role, which is the out-of-the-box role granted to you when the tenant is first created, is the only role that includes all these permissions. Alternatively, as a
Platform Administrator
, you can create Custom Roles and assign them the permissions needed to invite users.

User access control

Security and Compliance Operations supports two user roles:
  • Compliance Administrator
  • Compliance Viewer
The following table presents the privilege for each role:
Compliance and Security Operations role matrix
Role
Description
Functions
CompSecOps Administrator
Administrator role for management of CompSecOps application.
  • View executive Dashboard
  • Add, edit, and delete Organization User
  • Add, edit, delete, and view Scan Jobs
  • Add, edit, delete, and view Asset Repository
  • Add, edit, delete, and view Applications
  • Search Query and Export Results to CSV file
CompSecOps Viewer
Read-only role for Budget Service.
  • View executive Dashboard
  • View Scheduled Jobs
  • View Asset Repository
  • View Applications
  • Search Query & Export Results in CSV file

Add users to the current organization

The IAM Users page allows you to manage users and their roles. Using it, you can control your access management needs, such as adding users and assigning roles quickly and efficiently. Use the following procedure to add users and assign the appropriate role to each:
  1. From the landing page, click the
    Main menu
     icon.
  2. Click the
    Admin
     drop-down menu.
  3. Click
    IAM
    . The application navigates to IAM and defaults to the
    Users
     tab.
  4. Click
    Add New
     located in the top right corner to display a menu of options.
  5. Select
    Invite Users
    . IAM navigates to the
    Invite Users
     page,
    Enter Email Address(es)
     station.
  6. Add the e-mail address for all users you want to add as a comma separated list.
    If you are adding multiple users, all the submitted users are assigned the roles you select in the next step (
    Access Policies
    ).
  7. Click
    Continue
    . IAM advances to the
    Add users to access group(s)
     station.
  8. Click
    Continue
    . IAM Advances to the
    Access Policies
     station.
  9. Click the down arrow in the field labeled ''Select service you want to assign access to''. The application displays a drop-down menu with a list of services.
  10. Select
    Compsecops.
     The application displays the CompSecOps role options.
  11. Click the appropriate
    Service role
     for Compliance and Security Operations:
    1. Compliance Administrator
    2. Compliance Viewer
      Compliance Administrator confers all the rights conferred by Compliance Viewer plus other additional rights. You should therefore select only one Service role.
  12. Click
    Add
    . IAM Adds the user to the current organization (Compliance and Security Operations instance). To add a user to a separate instance, use the procedure in the following section
    Add users to a specific sub-organization
    .
  13. Click
    Invite
    .
The added user receives an e-mail invitation with a link to the application (Compliance and Security Operations) and login credentials. Upon logging in the first time, the user is required to change the login password.

Add users to a specific sub-organization

Adding a user to a different organization (alternative instance), is the same process as adding it to a current instance, until you advance to the Access Polices station (step 9). On this page, IAM defaults to
All Resources
 under Select Scope. To add a user to a different organization, use the following procedure:
  1. Follow the previous procedure, steps 1 through 9.
  2. Select
    Resources based on selected attributes
    . IAM then provides a list of sub-organizations to which the user can be assigned.
  3. Under ''You can scope access to either access tags or any other attribute for the selected service above'', select
    Attribute
    .
  4. Under ''Please select Resource Type from the list'' heading, select
    comsecops
    .
  5. Under ''Attribute Name'', select
    organization
    .
  6. Under ''Attribute Value', select the appropriate sub-organization from the drop-down list.
  7. Select the appropriate service role.
  8. Click
    Add
    .
  9. Click
    Invite
    .
The added user receives an e-mail invitation with a link to the application (Compliance and Security Operations) and login credentials. Upon logging in the first time, the user is required to change the login password.
Do you have two minutes for a quick survey?
Take Survey