Configure Asset Group permissions (under Inventory).
Asset Groups enable organizations to manage asset groups, such as creating logical groupings of assets, applying policies and rules to asset groups, scoping user access to specific asset groups (SBAC), and supporting automation exclusions by asset group.
Caution
SBAC: Asset Groups form the foundation of Scope-Based Access Control (SBAC). Granting a user View/Edit access to Asset Groups allows them to modify the groups that dictate data access boundaries for other users in the tenant.
The following features are affected:
Asset Groups: → → . For more information, see Asset Groups.
User Groups: When defining or editing a user group, you can scope an asset by defining the access group. For more information, see Scope user access to applications (Application SBAC).
Automations Exclusion Center: When selecting Edit Policy, you can add an Asset Group to exclude the relevant asset class. For more information, see Manage automation exclusion policies.
Permissions | Description | Roles Example |
|---|---|---|
None | No access to the Asset Group Menu, and limited ability to view groups in SBAC and Select groups in Automation Exclusion. | SOC Tier 1 Analyst: Asset group management is not part of the daily operations. |
View | Read-only access to the View Assets Group list, details, members, search and filter groups, and only view groups in SBAC. |
|
View/Edit | All View capabilities, plus create, edit, delete, add assets to a group in SBAC, and select groups in automation exclusion | Security Engineer: Configure and maintain asset groups |