Skip to main content

Team Members

View Users

Go to Settings > Users to display the Users page. The page lists users with access to Lacework.

Use controls to add, enable, or disable individual members. You can also filter, edit, and delete team members. To edit or delete a member, click their options button and select Edit or Delete.

You can perform the following actions with the table:

  • Refresh - Refresh the data in the table.
  • Download as CSV - Click the Download as CSV icon to download the table in CSV format.
  • Select columns - Click the Select columns icon to select which columns to display.
  • Search - Click to search the table.

For each user, click the Status toggle to enable or disable their access. Click the options icon to edit or delete a team member.

Add Team Members

Click + Add New to add a user.

Account Roles

Lacework supports the following account roles:

  • User
  • Administrator

The following tables display privilege differences between users and administrators.

Application Settings

Lacework FunctionalityUserAdministrator
Settings > Notifications > Alert channelsView onlyFull access
Settings > Notifications > Alert rulesView onlyFull access
Settings > Integrations > Cloud accountsView onlyFull access
Settings > Integrations > Container registriesView onlyFull access
Settings > Configuration > Resource groupsView onlyFull access
Settings > Configuration > API keysNo accessFull access
Settings > Configuration > Agent TokensView onlyFull access
Settings > Configuration > Report rulesView onlyFull access
Settings > Configuration > Data export rulesView onlyFull access
Settings > Configuration > GeneralView onlyFull access
Settings > UsageOnly view functionality is availableOnly view functionality is available
Settings > Usage > Audit LogsView onlyFull access
Settings > Usage > Team membersView only your profileFull access
Settings > AuthenticationView onlyFull access

AWS, Azure, and Google Cloud Compliance Recommendations

Lacework FunctionalityUserAdministrator
Select a recommendation with a violation and then select the option to suppress this recommendation for a single resource or for all resources. Remove the suppression after it has been added. For more information, see Suppression in AWS Compliance Reports - Using Suppression.No accessFull access
Disable a compliance recommendation entirely by turning it off. Enable a compliance recommendation after it has been turned off. For more information, see Advanced Suppression in AWS Compliance Reports - Using Suppression.No accessFull access

Vulnerability Exceptions

Lacework FunctionalityUserAdministrator
Manage vulnerability exceptionsView onlyFull access

Organization Roles

Lacework supports the following organization roles: user and administrator.

Members with the organization user role have view only privileges to all organization-level settings. They also have user role access to all underlying accounts within the organization.

Members with the organization administrator role have full access to all organization-level settings. They also have administrator role access to all underlying accounts within the organization.

Multiple Accounts

Team members can have access to more than one account. To see which accounts a member can access, click the number in the Accounts column.

If you are an organization administrator or user, you may have access to multiple accounts. Click the accounts icon near the bottom left corner and select an account to switch to. The organization dashboard is under the Organization heading. If the account you want to switch to is not listed, click View all.

If you have access to multiple accounts, logging in automatically directs you to the last account you used. If that account is not available, the first account alphabetically is used.

Delete Team Members

  1. Log in to the Lacework Console as a Lacework organization administrator.
  2. Go to Settings > Users.
  3. Locate the team member you want to delete, click their options button, and select Delete.

Delete an Organization Administrator

Deleting an organization administrator from your organization is necessary to maintain proper security on the Lacework platform. For example, if a person leaves the organization, keeping their account active is risky from a security perspective. Keeping an organization administrator level account open for a person no longer active with your organization is even riskier.

Deleting a team member who is an organization administrator is a two-step procedure. You must first reassign that team member as an account user. Then, you can delete that team member from the organization.

Reassign the Team Member as an Account User

  1. Log in to the Lacework Console as a Lacework organization administrator.
  2. Go to Settings > Usage > Team members.
  3. Locate the team member you want to delete, click their options button console-cloud-compliance-policy-drawer-options.png, and select Edit.
  4. Select No for Will this member be an organization administrator?.
  5. Select No for Will this member be an organization user?.
  6. Clear all selections for Select accounts for which this member will be an administrator.
  7. Select any account for Select accounts for which this member will be a user.
  8. Click Save.

Delete the Team Member

  1. On the Team Members page, locate the team member you want to delete.
  2. Click their options button console-cloud-compliance-policy-drawer-options.png and select Delete.
  3. Confirm the deletion.