Manage workspace delegation

This topic explains workspace delegation, the privileges that are assigned to delegates for the workspaces that they manage, and how cloud security administrators can assign and remove delegates to/from workspaces in the cloud environment.

Workspace delegation

The cloud security administrator may want to delegate management of single or multiple cloud workspaces to other administrators in the organization. These additional administrators, or delegates, have permissions to create, edit, and delete SCA policies for identities associated with their workspaces. In addition, delegates may receive on-demand access requests from identities that want to access the workspaces they manage, and can manually approve or reject these requests according to the methods defined in the on-demand access settings.

The Workspace delegation view displays the following information:

Workspace delegation view

Item

Description

Workspace

The name of the workspace as it appears in the cloud provider

Workspace type

The cloud provider and type of workspace, for example a Google Cloud project or an Azure directory or subscription

Delegates

The identities that have been assigned to manage the workspace

Add delegates to a workspace

You can delegate a workspace to users, roles, and groups in your organization. The SCA administrator role is automatically assigned to the delegated identity to provide the necessary permissions.

To add a delegate to a workspace

  1. In the Workspace delegation view, click Add delegates and select a cloud provider.

  2. In the Delegate workspaces page > Select the workspaces area, click Add workspace.

  3. In the Add workspaces window, check the relevant workspace checkboxes and click Add.

  4. In the Assign delegates area, click Add delegates.

  5. In the Select delegates window, check the relevant identities or assets and click Select.

    • Use the Type and Source filters to help narrow the results in the table.

    • Click the X on the right side of the table row to remove a workspace or a delegate.

  6. When you finish assigning delegates to the workspaces, click Add delegates.

Edit or remove a workspace delegation

  1. Click the More options icon on the right side of the row for the relevant workspace and select Edit.

  2. Add or remove delegates as needed, and click Save.

    If you remove all the delegates from a workspace, this effectively removes the workspace delegation and it will no longer appear in the Workspace delegation page.