Resource Group Management
Last Updated: 2025-04-29
Purpose
This article describes the procedure to manage resource group in the portal.
Introduction
In Outpost24’s IAM framework, Resource Groups form the bridge between users’ permissions and the actual resources they can access. Each resource group is defined by tags attached to assets, scan configurations, reports, dashboards, and more; by assigning a user to one or more resource groups, you control which tagged resources that user can see or manage. This approach makes access control both fine-grained and scalable—especially in larger environments—because you don’t have to assign permissions per object, you simply group resources via tags and then control access at the group level.
Accessing IAM
To navigate to this section,
Log in to the Portal. See the Logging in to the portal article for the different ways to access the Portal view.
Click the Account icon in the upper right corner.
Note that the initials in the icon may change depending on username.
In the context menu, select Identity Access Management (IAM) to access the IAM page.
This displays the Identity Access Management page which is divided in three tabs, Users, Roles, and Resource Groups.
Resource Groups Management
A Resource Group is a group containing all the relevant tags for an entity and it defines the resources the user can access. The access to the resources (like assets or configurations) is based on a tag system. Tags can be set on resources and form a Resource group. The resource groups assigned to a user determines the users access to the resources with that tag. All resources that can be restricted have settable tags, and each tag can be assigned to one or multiple resource groups. A resource group can be assigned to multiple users, and one user can be assigned to one or more resource groups. A combination of multiple tags is treated as an OR combination, for example if a user has tags location:sydney and cloud:aws, the user will see all assets where any of these two tags is set.
The access to the resources like assets or configurations is based on tags which can form a logical container called a resource group. The resource groups assigned to the user determine the resources the user can access.
All resources is the built-in resource group that gives access to everything. Edit and Delete actions are not allowed on the built-in resource groups.
Resources that can form a resource group:
Asset groups
Assets
Configurations
Credentials
Scheduled reports
Managed reports
Dashboards
View templates
Events
The tags set on these resources are inherited by the resources closely associated with them:
Findings, compliance findings, matches, and services inherit tags from assets.
Example
Setting a tag "location:sydney" on an asset lets all findings associated with this asset to inherit the "location:sydney" tag.
Scans inherit tags from configurations.
A user with an access restriction set on SCANCONFIGURATION, is not allowed to create any scan configurations.
Combination of multiple tags in a resource group is treated with AND combination.
Example
If a user has a resource group with tags "location:sydney" and "cloud:aws", the user will see only assets where BOTH of these two tags are set.
The asset can additionally have other tags. It will not have any impact on the RBAC rules.
Example
Scenario 1: One tag in a resource group
If the user has access to a resource group with a tag tag-a, the following assets are displayed:
asset1 (tag-a)
asset3 (tag-c) (tag-a) (tag-d)
asset2 (tag-a) (tag-b)
The user will not see:
asset4 (tag-k) (tag-o)
Scenario 2: Two tags in a resource group
If the user has access to a resource group with two tags tag-a and tag-b, the following assets are displayed:
asset5 (tag-a) (tag-b)
asset6 (tag-b) (tag-k) (tag-p) (tag-a)
The user will not see:
asset7 (tag-a)
asset8 (tag-b)
asset9 (tag-k) (tag-a) (tag-m)
asset10 (tag-n) (tag-d)
Add Resource Group
To add a resource group:
Click on the +Add group button located on the bottom right of the window. It opens the Add resource group dialog.
In the Name field, provide a name for the new group..
Select the permission levels and add required tags.
For more information about tags, see Tags document.
Option | Description |
|---|---|
None | Denies access to the respective item. |
Some | Allows the user to access that item based on the tags added. |
All | Allows the user to access that item based on any tag. |
Click the blue ADD button to finish the new group.
The newly added resource group is shown in the RESOURCE GROUPS view.
Resource groups added by the user can be customized or deleted.
Edit / Update an Existing Resource Group
To edit a resource group:
Click on the edit
icon on the right hand side of the row of the resource group you want to edit.
Make the necessary changes and click UPDATE to save the changes made.
Delete a Resource Group
To remove a resource group:
Click on the Delete
icon on the right hand side of the row of the resource group you want to remove. Click DELETE to confirm removal of that group.
Related Articles
Copyright
© 2025 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.