Example: Access Groups
In this example, we walk through how an organization uses access groups to compartmentalize assets into groups that reflect their organizational structure.
Before you begin:
- Read the Access Groups topic to understand how access groups work.
An organization wants to restrict which employees can see certain assets. This organization has locations in San Francisco and Atlanta. They want only the employees in Atlanta to view information for assets in the Atlanta office. Additionally, only the organization's administrators should be able to view all assets.
Step 1: Create user groups that reflect your organization's structure
The organization wants to assign permissions to multiple people at once, rather than to each user individually. To do so, an administrator creates user groups and adds users to them. They create a user group that includes specific employees who work in the Atlanta office; for example, Atlanta vuln analysts. They also create a user group for employees who should have higher levels of access; for example, Administrators. Users can be a part of multiple user groups.
Step 2: Restrict user access to the All Assets access group
By default, All Users have access to the All Assets access group. The organization wants to use access groups to restrict which assets users can view. Additionally, they want only the user group Administrators to have access to all assets. To ensure the All Assets access group does not override any other access group view restrictions, an administrator must first restrict user access to All Assets.
An administrator does the following:
- Disables All Users access to the All Assets access group.
- Assigns the user group Administrators to the All Assets access group.
Users in the user group Administrators are able to view all assets, regardless of which access groups they are assigned to. Everyone else in the organization is restricted from viewing all assets, and can only view assets in access groups they are assigned to.
Step 3: Create an access group
The organization has locations in San Francisco and Atlanta. They want to allow the employees in Atlanta to manage the assets in their office.
To do this, an administrator:
- Creates an access group for all assets in the Atlanta office called Atlanta Office.
- Sets Asset Rules to filter for the assets in the Atlanta office.
- Assigns the user group Atlanta vuln analysts to the Atlanta Office access group. When Atlanta vuln analysts is added, All Users access is automatically disabled for the access group, meaning only the Atlanta vuln analysts user group has access.
The organization now has an access group containing the organization's Atlanta assets, to which only the Atlanta employees have access.
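The following added example (not product code, and not part of the original topic) models the three steps in plain Python to show why Step 2 matters: if All Users keeps access to All Assets, the Atlanta Office restriction has no effect. It assumes a user can view an asset when any access group that matches the asset grants them access; the host names, user names, and the `site` attribute are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample inventory; hostnames and the "site" attribute are made up.
ASSETS = [
    {"host": "atl-web-01", "site": "Atlanta"},
    {"host": "atl-db-01", "site": "Atlanta"},
    {"host": "sfo-web-01", "site": "San Francisco"},
]

# User-group membership from Step 1 (user names are hypothetical).
MEMBERSHIP = {
    "alice": {"Administrators"},
    "bob": {"Atlanta vuln analysts"},
    "carol": set(),  # San Francisco employee in no user group
}

@dataclass
class AccessGroup:
    name: str
    rule: Callable[[dict], bool]   # stand-in for Asset Rules
    all_users: bool = True         # default grant described in Step 2
    user_groups: set = field(default_factory=set)

    def assign(self, user_group: str) -> None:
        # Assigning a user group leaves All Users access disabled.
        self.user_groups.add(user_group)
        self.all_users = False

    def grants(self, user: str) -> bool:
        return self.all_users or bool(self.user_groups & MEMBERSHIP[user])

def visible(user: str, groups: list) -> set:
    # Assumed model: any matching access group that grants access is enough.
    return {a["host"] for a in ASSETS for g in groups
            if g.grants(user) and g.rule(a)}

def build(restrict_all_assets: bool) -> list:
    all_assets = AccessGroup("All Assets", rule=lambda a: True)
    if restrict_all_assets:        # Step 2
        all_assets.assign("Administrators")
    atlanta = AccessGroup("Atlanta Office", rule=lambda a: a["site"] == "Atlanta")
    atlanta.assign("Atlanta vuln analysts")   # Step 3
    return [all_assets, atlanta]

if __name__ == "__main__":
    for restricted in (False, True):
        for user in MEMBERSHIP:
            print(restricted, user, sorted(visible(user, build(restricted))))
```

With Step 2 skipped, every user still sees all three hosts; with it applied, only the Administrators member does.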