Set Lacework Attributes

This topic describes Lacework attributes and how to set them for different accounts.

Lacework Admin Role Accounts Attribute

Lacework Admin Role Accounts adds admin privileges to existing accounts that you specify. You can specify a single account name, such as foo, or multiple comma-separated account names, such as foo,bar,baz.

You can also specify a wildcard *.

For example, if your organization contains the accounts foo1, foo2, bar1, bar2, and baz, you can specify the attribute as *2,baz.

This adds admin privileges to foo2, bar2, and baz. The person does not have any privileges for foo1 and bar1. To add user privileges for those, you could specify the value *1 for the Lacework User Role Accounts attribute.

If you specify an account for admin privileges, you do not need to specify it for user privileges in the Lacework User Role Accounts attribute. If the same account also appears in Lacework User Role Accounts, the system ignores that entry and still grants admin privileges.

Lacework User Role Accounts Attribute

Lacework User Role Accounts adds user privileges to the existing accounts that you specify. You can specify a single account name or multiple comma-separated account names. You can also specify a wildcard *. For example, suppose your organization contains the accounts foo1, foo2, bar1, bar2, and baz, and you specify this attribute as b*.

This adds user privileges to bar1, bar2, and baz. The person does not have any privileges for foo1 and foo2.

To add user privileges for foo1 as well, you could specify this attribute as foo1,b*.

Another example with the same accounts would be to specify this attribute as * and to specify Lacework Admin Role Accounts as bar*.

This gives user privileges for all accounts and admin privileges to only bar1 and bar2.

If you specify an account for admin privileges and user privileges, admin privileges will be granted.

Lacework Organization Admin Role Attribute

Lacework Organization Admin Role provides admin privileges to organization-level settings and admin privileges to all accounts within the organization.

Select true to make the person an organization admin. If the person is an organization admin, you do not need to set any other Lacework attributes; the system ignores any settings in those attributes.

Select false or undefined if the person should not have admin privileges to organization-level settings or admin privileges to all accounts within the organization. If the person is not an organization admin, you can still specify account-level admin and user privileges with the Lacework Admin Role Accounts and Lacework User Role Accounts attributes. You can also specify user privileges to organization-level settings with the Lacework Organization User Role attribute.

Lacework Organization User Role Attribute

Lacework Organization User Role provides user (view-only) privileges to organization-level settings and user privileges to all accounts in the organization.

Select true to make the person an organization user. If the person is an organization user, you can still give account-level admin privileges with the Lacework Admin Role Accounts attribute. The system ignores any settings in the Lacework User Role Accounts attribute.

Select false or undefined if the person should not have any privileges to organization-level settings or user privileges to all accounts in the organization. If the person is not an organization user, you can still specify account-level admin and user privileges with the Lacework Admin Role Accounts and Lacework User Role Accounts attributes.
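
The precedence rules above can be checked before an attribute value is rolled out. The following is an added example, not Lacework code: it models the four attributes as described on this page, assuming * is the only wildcard character and that matching is case-sensitive, and over_privileged is a hypothetical review helper that flags accounts where a pattern grants more than was intended.

```python
import re

ACCOUNTS = ["foo1", "foo2", "bar1", "bar2", "baz"]  # the page's example accounts
RANK = {None: 0, "user": 1, "admin": 2}

def matches(patterns, account):
    """True if account matches any comma-separated pattern ('*' = any run of characters)."""
    for pat in (p.strip() for p in patterns.split(",")):
        if not pat:
            continue
        # Assumption: '*' is the only metacharacter and matching is case-sensitive.
        regex = ".*".join(re.escape(part) for part in pat.split("*"))
        if re.fullmatch(regex, account):
            return True
    return False

def effective_roles(accounts, admin_accounts="", user_accounts="",
                    org_admin=False, org_user=False):
    """Resolve the four attributes into an org-level role and a per-account role."""
    if org_admin:
        # Organization admin: the other three attributes are ignored.
        return {"org": "admin", "accounts": {a: "admin" for a in accounts}}
    roles = {}
    for a in accounts:
        if matches(admin_accounts, a):
            roles[a] = "admin"   # admin wins over any user grant
        elif org_user or matches(user_accounts, a):
            roles[a] = "user"    # org user makes User Role Accounts redundant
        else:
            roles[a] = None
    return {"org": "user" if org_user else None, "accounts": roles}

def over_privileged(intended, **attrs):
    """Accounts whose resolved role exceeds the intended one (hypothetical review helper)."""
    got = effective_roles(list(intended), **attrs)["accounts"]
    return sorted(a for a, want in intended.items() if RANK[got[a]] > RANK[want])

if __name__ == "__main__":
    print(effective_roles(ACCOUNTS, admin_accounts="*2,baz", user_accounts="*1"))
    # Constructed review case: intent was admin on bar1 only, but 'bar*' was used.
    intended = {"foo1": "user", "foo2": "user", "bar1": "admin", "bar2": "user", "baz": "user"}
    print(over_privileged(intended, admin_accounts="bar*", user_accounts="*"))
```

Running the review helper against the intended role map before changing an attribute shows which accounts a wildcard would elevate beyond the intent.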