Help Center/ SecMaster/ User Guide/ Workspaces/ Workspace Agencies/ Creating a Workspace Agency
Updated on 2024-12-28 GMT+08:00
View PDF

Creating a Workspace Agency

Workspace Agency Overview

A workspace agency allows you to perform cross-account secure operations. You can centrally view asset risks, alerts, and incidents in workspaces of other users.

SecMaster allows you to create agencies to authorize other users in the project to manage your workspaces. This way, other users can view asset risks, alerts, and incidents and perform security operations for you in a unified manner.

Table 1 Workspace hosting process

Procedure

Description

Step 1: Create an Agency View

You need to create an agency view to manage the delegation that other users give you for workspace hosting.

Step 2: Create an Agency

SecMaster allows you to create agencies to authorize other users in the project to manage your workspaces. This way, other users can view asset risks, alerts, and incidents and perform security operations for you in a unified manner.

Step 3: Authorize an Agency

You need to grant permission to other users to manage your workspaces and they need to accept your delegation to attach your workspaces to their workspaces.

  1. After you create an agency, authorize the user you specified in the agency to manage your workspaces.
  2. Choose Workspaces > Agencies > Workspaces Managed by Me and accept workspaces that need to be managed by you centrally.

The accepted workspaces will be attached to your workspaces.

Limitations and Constraints

  • The specifications of the workspace agency views and the number of workspaces are as follows:
    • A maximum of one workspace agency view can be created for an account in a region.
    • A maximum of 150 workspaces from different regions and accounts can be managed by a workspace agency view.
    • A maximum of 10 agencies can be created for an account.

Step 1: Create an Agency View

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Agencies.

    Figure 1 Agencies

  5. On the Agency Views tab, click Create Agency View. The Create Agency View slide-out panel is displayed.
  6. Configure parameters required for creating the agency view.

    Table 2 Parameters for creating an agency view

    Parameter

    Description

    Agency View Name

    Name of the agency view.

    Workspace Name

    The workspace you want to bind to the agency view.

    (Optional) Description

    Description of the agency view.

  7. Click OK.

    The created agency view will be displayed on the Agency Views tab.

Step 2: Create an Agency

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Agencies.

    Figure 2 Agencies

  5. Click Create Agency in the upper right corner of the page.
  6. On the Create Agency slide-out is displayed, configure agency parameters.

    Table 3 Parameters for creating an agency

    Parameter

    Description

    Initiated By

    Agency creator.

    Agency Created By

    Workspace

    A workspace to be managed by this agency.

    Agency Accepted By

    Account

    Account name of the user who delegate the management permission to this agency. Take the following steps to obtain the account name:

    1. Log in to the management console, hover the mouse over the username in the upper right corner, and select My Credentials from the drop-down list. The API Credentials page is displayed by default.
    2. On the API Credentials page, obtain the Account Name.
      Figure 3 Account Name

    Agency View

    An existing agency view.

    Agency Details

    Agency Name

    Name of the agency

    Agency Duration

    How long the agency works

    Agency Status

    Agency permission policy.

    You can query the meaning of a policy in IAM. To view the meaning, perform the following steps:

    1. Log in to the management console, hover the mouse over the username in the upper right corner, and select Identity and Access Management from the drop-down list. The IAM users page is displayed.
    2. In the navigation pane on the left, choose Permissions > Policies. On the Policies page, enter the policy name in the search box.

      View the meaning and scope of the policy.

    Description

    Description of the agency

  7. Click Confirm.

Step 3: Authorize an Agency

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Agencies.

    Figure 4 Agencies

  5. On the Agencies page, click the Workspaces Managed by Me tab. In the row containing the workspace you want to manage, click Accept in the Operation column.

    If the system displays a message indicating that you are not authorized when you try to accept an agency, get authorization by referring to Authorizing SecMaster first.

  6. In the displayed dialog box, click OK.

Follow-up Operations

Choose Workspaces > Management, click the name of the created agency view. You can view details about workspaces managed in the agency view.

Related Operations

  • Editing an agency view
    1. Locate the row that contains the agency view, and click Edit in the Operation column.
    2. On the Edit Agency View slide-out panel, modify the parameters and click OK.
  • Deleting an agency view
    1. Locate the row that contains the agency view, and click Delete in the Operation column.
    2. In the displayed dialog box, click OK.
Parent topic: Workspace Agencies