Add and manage users for your organization in VMware Aria Automation for Secure Clouds

User access to VMware Aria Automation for Secure Clouds is primarily managed through the VMware CSP Dashboard. To invite, remove, and otherwise manage user permissions in CSP, you must be logged in to VMware CSP as an Organization Owner for your deployment. You can refer to this image as an example of what your account permissions should look like.

Organization Owner Permissions

Review the rest of this section for instructions to add new users to your organizations and projects, as well as manage permissions for existing users.

Add a new organization user

Follow these directions to add a user to VMware Aria Automation for Secure Clouds as an organization admin, analyst, or viewer. As a reminder, organization users have access to the top-level context in your deployment and can see findings, reports, suppressions, and other features for every project and cloud account in your organization.

  1. From the VMware CSP Dashboard, navigate to Identity & Access Management > Active Users.
  2. Click Add Users.
  3. In the Users field, enter the email addresses of the users you would like to invite.
  4. Under Assign Organization Roles, select a CSP role for the user. If they need to manage access for other users, select Organization Owner. Otherwise, select Organization Member.
  5. Click Add Service Access, choose VMware Aria Automation for Secure Clouds, and pick a service role for the user.
  6. Click Add to send the invite.

You can refer to this image as a guide for creating one type of organization user CSP profile.

Organization user example

The user should onboard into as an organization admin with all associated permissions, but since they have member status in CSP they can't add new users or edit service roles themselves.

Add a new project user

Follow these directions to add a user as a project admin, analyst, or viewer. As a reminder, project users don't have access to the organization context and can only see findings, reports, suppressions, and other features for the projects they have access to. Adding a project user has two distinct processes: You must add the user in VMware CSP to give them access to your deployment, then assign them access to one or more projects from the VMware Aria Automation for Secure Clouds dashboard.

Grant VMware Aria Automation for Secure Clouds access in VMware CSP

  1. From the VMware CSP Dashboard, navigate to Identity & Access Management > Active Users.
  2. Click Add Users.
  3. In the Users field, enter the email addresses of the users you would like to invite.
  4. Under Assign Organization Roles, select the Organization Member CSP role.
  5. Click Add to send the invite.

You can refer to this image as a guide when creating a project user's CSP profile.

Project user example

The user should onboard with no organization permissions. Do not assign a service role if you want to onboard them as a project user.

Grant project access in VMware Aria Automation for Secure Clouds

To add the user to a project, open the product dashboard and follow these steps:

  1. From the dashboard, navigate to Settings > Projects.
  2. Find the project you want to add a user to and click View Detail.
  3. From the project detail page, click +Access.
  4. Look up the user by name and choose a role to determine their access. You can add multiple users this way. You can also assign project access to a group here, if using one. Note: The user must accept the invite you sent them to VMware Aria Automation for Secure Clouds in the previous steps before they can be added to a project. Once they're onboarded, anyone with organization admin access can add or remove them from a project, even if they're not an owner in CSP. Project admins can also add or remove access for the projects they have permissions for.
  5. Once all selections are made, Click Add to close the window.

You can refer to this image as a guide when adding one or more users to a project.

Add user to project

In this example, the user is granted access to a project as an analyst, giving them limited access to reporting, alerts, suppressions, and other features to help investigate and resolve security findings.

Modify user group roles

If necessary, you can change permissions for a user or group after initial setup. For example, you can follow these steps to remove a user or group's organization viewer role while retaining any project access they have.

  1. From the CSP dashboard, navigate to Identity & Access Management > Active Users.

  2. Search for the user or group and click the double arrow icon next to their name to expand their role. If you see (Limited) next to the service role, it means they have access to a project. If the service role does not have a limited label, then they have organization access.

    Modify roles

  3. Click Edit Roles.

  4. Remove the service role and click Save.

To adjust project access, go to the dashboard and refer to the steps for granting project access.

check-circle-line exclamation-circle-line close-line
Scroll to top icon