Resource Group Management
Purpose
This document describes the procedure to manage resource group in the portal.
Introduction
IAM (Identify and Access management) is the portal’s user management page that control access to resources. IAM is used to control who is authenticated (signed in) and authorized (has permissions) to use resources.
In IAM under the Users tab you can add new users and edit existing ones. For a user to have access within the portal they need to be assigned a Role and a Resource group. In the Roles tab there are some baseline roles pre-configured by Outpost24, these can not be edited but custom roles can be created by pressing + Add role in the bottom right corner. The Resource group has by default only All resources pre-configured which cannot be edited, If you would like to specify what assets and access the user should have, you need to add new groups.
Role-Based Access Control
IAM uses Role-Based Access Control (RBAC) to restrict access depending on a user's role within the system. The roles in RBAC refer to the levels of access that users have to resources on the network. RBAC is a method of regulating access to system resources based on the roles of individual users within the organization. Access is granted on a need-to-know basis.
Resource Group Management in IAM
To navigate to this section,
Log in to OUTSCAN / HIAB.
Go to Main Menu > Portal.
Click the Account icon in the upper right corner.
Select the IAM card to access the IAM page.
This displays the Identity Access Management page which is divided in three tabs, Users, Roles, and Resource Groups.
Resource Groups
A Resource Group is a group containing all the relevant tags for an entity and it defines the resources the user can access. The access to the resources (like assets or configurations) is based on a tag system. Tags can be set on resources and form a Resource group. The resource groups assigned to a user determines the users access to the resources with that tag. All resources that can be restricted have settable tags, and each tag can be assigned to one or multiple resource groups. A resource group can be assigned to multiple users, and one user can be assigned to one or more resource groups. A combination of multiple tags is treated as an OR combination, for example if a user has tags location:sydney and cloud:aws, the user will see all assets where any of these two tags is set.
The access to the resources like assets or configurations is based on tags which can form a logical container called a resource group. The resource groups assigned to the user determine the resources the user can access.
All resources is the built-in resource group that gives access to everything. Edit and Delete actions are not allowed on the built-in resource groups.
Resources that can form a resource group:
AppStakTM
Asset groups
Assets
Configurations
Credentials
Scheduled reports
Managed reports
Dashboards
View templates
Events
The tags set on these resources are inherited by the resources closely associated with them:
Findings, compliance findings, matches, and services inherit tags from assets.
Example
Setting a tag "location:sydney" on an asset lets all findings associated with this asset to inherit the "location:sydney" tag.
Scans inherit tags from configurations.
A user with an access restriction set on SCANCONFIGURATION, is not allowed to create any scan configurations.
Combination of multiple tags in a resource group is treated with AND combination.
Example
If a user has a resource group with tags "location:sydney" and "cloud:aws", the user will see only assets where BOTH of these two tags are set.
The asset can additionally have other tags. It will not have any impact on the RBAC rules.
Example
Scenario 1: One tag in a resource group
If the user has access to a resource group with a tag tag-a, the following assets are displayed:
asset1 (tag-a)
asset3 (tag-c) (tag-a) (tag-d)
asset2 (tag-a) (tag-b)
The user will not see:
asset4 (tag-k) (tag-o)
Scenario 2: Two tags in a resource group
If the user has access to a resource group with two tags tag-a and tag-b, the following assets are displayed:
asset5 (tag-a) (tag-b)
asset6 (tag-b) (tag-k) (tag-p) (tag-a)
The user will not see:
asset7 (tag-a)
asset8 (tag-b)
asset9 (tag-k) (tag-a) (tag-m)
asset10 (tag-n) (tag-d)
Add Resource Group
To add a resource group:
Click on the +Add group button located on the bottom right of the window. It opens the Add resource group dialog.
In the Name field, provide a name for the new group..
Select the permission levels and add required tags.
For more information about tags, see Tags document.
Option | Description |
|---|---|
None | Denies access to the respective item. |
Some | Allows the user to access that item based on the tags added. |
All | Allows the user to access that item based on any tag. |
Click the blue ADD button to finish the new group.
The newly added resource group is shown in the RESOURCE GROUPS view.
Resource groups added by the user can be customized or deleted.
Edit / Update an Existing Resource Group
To edit a resource group:
Click on the edit
icon on the right hand side of the row of the resource group you want to edit.
Make the necessary changes and click UPDATE to save the changes made.
Delete a Resource Group
To remove a resource group:
Click on the Delete
icon on the right hand side of the row of the resource group you want to remove. Click DELETE to confirm removal of that group.
Related Articles
Copyright
© 2025 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.