Groups
Sysdig recommends creating Groups of users and assigning permissions at the Group level rather than the individual User level to facilitate administration tasks.
The GCP CIEM data is in Technical Preview status.
Filter and Sort
Sortable Columns
Actionable Risk
Values: Critical, High, Medium, Low
Actionable Risk focuses on unused permissions, while Risk looks at all permissions. Actionable Risk is designed to help you achieve Least Permissive access.
Risk
Values: Critical, High, Medium, Low
This is a calculation of risk based on all permissions. See also: Understanding Risk Scoring.
% of Unused Permissions
This shows unused permissions as a share of the group's total permissions, displayed as a percentage graph.
When remediating, immediately target the groups with the greatest exposure and refine them according to the suggestions.
Membership
The number of users who are part of this group.
Highest Access
See also: Understand Highest Access
Values:
- Admin: Admin access granted
- Write: Write access granted
- Read: Read access granted
- Empty Access: No permissions are granted at all
Findings
The findings on User pages include:
- Admin
- Inactive
Available Filters
- Search: Free text search on terms in the resource name
- Platform: by provider, e.g. AWS
- Actionable Risks: By severity
- Cloud Accounts: Account name/number by cloud provider (e.g. AWS)
- Access Categories: Admin, Write, Read, or Empty Access
- Findings: Admin, Inactive
Analyze and Remediate
To reduce the entitlements for a particular Group, click on the group name to open the detail drawer and subtabs. The remediation options for groups work in a similar way to users and roles.
Detail Drawers
The Groups page organizes everything around the group.
- Overview: Displays the critical permissions issues detected for this group, sorted by Risk and Actionable Risk.
- Users: Displays the list of users assigned to the group, including the user Name, when they were Last Active, and the number of other groups they are part of.
- Attached IAM Policies: Displays the policies to which this group is connected, sorted by unused permissions.
- Group Details: Displays a summary of this group's details, including creation date, number of users, number of policies, and ARN details.
Optimization Examples
See the User Optimization Examples and follow the same basic pattern for Groups. You can:
- Analyze the group permissions details
- Create a group-specific optimized policy
- Optimize a policy globally (see example)
- Delete an unused policy
User Permission Warning
The User list in the Groups detail subtab may display a warning emoji when a user has been assigned permissions outside the group.
We recommend streamlining user permissions and using group permissions when possible.
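The same condition can be checked outside the product. The following is an added example, not Sysdig code: it assumes AWS, reads JSON shaped like the output of `aws iam get-account-authorization-details --filter User`, and treats "permissions outside the group" as managed or inline policies attached directly to the user. The function name and sample data are constructed for illustration.

```python
import json

# Constructed sample, shaped like the UserDetailList returned by
# `aws iam get-account-authorization-details --filter User`.
SAMPLE = json.loads("""
{
  "UserDetailList": [
    {"UserName": "alice", "GroupList": ["developers"],
     "AttachedManagedPolicies": [], "UserPolicyList": []},
    {"UserName": "bob", "GroupList": ["developers"],
     "AttachedManagedPolicies": [
       {"PolicyName": "AdministratorAccess",
        "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}],
     "UserPolicyList": []},
    {"UserName": "carol", "GroupList": ["ops"],
     "AttachedManagedPolicies": [],
     "UserPolicyList": [{"PolicyName": "inline-s3-read", "PolicyDocument": {}}]}
  ]
}
""")


def direct_permission_members(details, group):
    """Return members of `group` that also hold policies attached directly.

    Result maps user name -> {"managed": [...], "inline": [...]}.
    Assumption: "outside the group" means user-level managed or inline policies.
    """
    flagged = {}
    for user in details.get("UserDetailList", []):
        if group not in user.get("GroupList", []):
            continue  # only members of the group under review
        managed = [p["PolicyName"] for p in user.get("AttachedManagedPolicies", [])]
        inline = [p["PolicyName"] for p in user.get("UserPolicyList", [])]
        if managed or inline:
            flagged[user["UserName"]] = {"managed": managed, "inline": inline}
    return flagged


if __name__ == "__main__":
    for grp in ("developers", "ops"):
        for name, pols in direct_permission_members(SAMPLE, grp).items():
            print(f"{grp}: {name} managed={pols['managed']} inline={pols['inline']}")
```

Each flagged user is a candidate for moving those policies onto a group, or removing them, so that the group remains the single place where the user's access is defined.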