Roles
The GCP CIEM data is in Technical Preview status.
Filter and Sort
Sortable Columns
Actionable Risk
Values: Critical, High, Medium, Low
Actionable Risk focuses on unused permissions, while Risk looks at all permissions. Actionable Risk is designed to help you achieve Least Permissive access.
Risk
Values: Critical, High, Medium, Low
This is a calculation of risk based on all permissions. See also: Understanding Risk Scoring.
% of Unused Permissions
This shows the number of unused permissions out of the total permissions assigned to the role, displayed as a percentage graph.
When remediating, immediately target the roles with the greatest exposure and refine them according to the suggestions.
Membership
For AWS, this reflects the number of users who can use this role.
For GCP, the membership number reflects the number of users, groups, and/or service accounts who are bound to this role.
Highest Access
See also: Understand Highest Access
Values:
- Admin: Admin access granted
- Write: Write access granted
- Read: Read access granted
- Empty Access: No permissions are granted at all
Findings
The findings on User pages include:
- Admin
- Inactive
Available Filters
- Search: Free text search on terms in the resource name
- Platform: By provider, e.g. AWS
- Actionable Risks: By severity
- Cloud Accounts: Account name/number by cloud provider (e.g. AWS)
- Access Categories: Admin, Write, Read, or Empty Access
- Findings: Admin, Inactive
Analyze and Remediate
To reduce a role’s entitlements, click on the role name to open the detail drawer and subtabs. The remediation options for roles work the same way as for Users.
Detail Drawers
The Users page organizes everything around the individual user.
- Overview: Displays the critical permissions issues detected for this role, sorted by Risk and Actionable Risk.
- Attached IAM Policies: Displays the policies to which this role is connected, sorted by unused permissions.
- Role Details: Displays a summary of this role’s total granted permissions, group associations, activity, user ARN ID, and findings.
Optimization Examples
See the User Optimization Examples and follow the same pattern for Roles. You can:
- Analyze the Role Permissions Details
- Optimize a policy globally
- Create a role-specific optimized policy
- Delete an unused policy