Skip to main content

Create Ownership Clusters to Grant Access Control

This tutorial demonstrates how you can use the Risk owners or Remediation owners cluster for managing access control.

The purpose of the ownership clusters within the Brinqa Platform is to provide access control to datasets. For example, you can give users permission to access certain assets, findings, or both through the ownership clusters. You can create a new Risk owners cluster or Remediation owners cluster, or use the built-in clusters. In both cases, the user must have the Risk analyst role assigned and you must add the designated user as a member to the relevant cluster.

info

Before you proceed, ensure that the users you are adding to the ownership cluster have the Risk Analyst role assigned.

Users with the Configurator or System Administrator role can create or edit clusters. To create a new risk owner cluster, follow these steps:

  1. Navigate to Clusters and click Risk owners.

  2. Click Create and fill in the following fields:

    • Name: Enter a name for the cluster.

    • Description: Provide a description for the cluster.

    • Members: Select the user or users to be members of the cluster, who will have access to the datasets defined by the conditions. This user must have the Risk analyst role.

    • Conditions: Click + to add criteria for each data model. At the minimum, risk owners should have access to a set of hosts and vulnerabilities.

      • Target data model: Click the drop-down and select Host.

        Important

        Avoid selecting a parent data model (such as Asset, Finding, or Ticket) as the target. For example, instead of Asset, select a data model that extends Asset, such as Account, Host, Cloud Resource, and so on. This is because parent data models are not computed during consolidation and choosing a parent data model results in empty counts in the cluster.

      • Order: Specify the condition evaluation order for the target data model.

        This field is important because it signifies the order that the Brinqa Platform follows to evaluate the conditions specified in this cluster and other clusters defined for the same dataset. The evaluation stops after a match is found, ensuring that each record is subject to only one ownership cluster. Therefore, it is logical to prioritize the most specific conditions first.

      • Condition: Specify the condition to define the hosts you want this cluster to view. The supported syntax is Brinqa Condition Language(BCL).

        For example, if the os CONTAINS "Windows" condition is met, users in this cluster can view hosts running the Windows operating system.

      • Click Test condition to see the results retrieved by the condition. This ensures that your cluster groups the expected hosts.

    • Click + to add a condition for Vulnerability.

      • Target data model: Click the drop-down and select Vulnerability.

      • Order: Specify the condition evaluation order for the target data model.

      • Condition: Specify the condition to define the vulnerabilities you want this cluster to view.

        For example, if the targets.os CONTAINS "Windows" condition is met, users in this cluster can view vulnerabilities detected on machines running the Windows operating system.

      • Click Test condition to see the results retrieved by the condition. This ensures that your cluster groups the expected vulnerabilities.

  3. Click Create.

If needed, repeat the steps to create a new cluster in Clusters > Remediation owners.

Clusters are synced through data computation. However, if you want the new clusters to go into effect immediately, follow these steps:

  1. Navigate to Administration Administration Button > Data > Models.

  2. Locate the data model that you have defined in the cluster. For example, Host or Vulnerability.

  3. Click Flows.

  4. Click the compute flow of your data model. For example, for the Host data model, click Host compute flow.

  5. Click Launch, and then click Launch again in the confirmation dialog.

  6. Repeat the steps for all the data models defined in your clusters.

  7. Navigate to the Risk owner or Remediation owner data model and click Flows.

  8. Click Risk owner compute flow or Remediation owner compute flow, then Launch, and then click Launch again in the confirmation dialog.

After the flows have run successfully, navigate to Clusters > Risk owners or Clusters > Remediation owners and click the cluster that you have created. Verify that the datasets defined by the conditions are viewable in the cluster. Alternatively, log in as a member of your clusters and verify that they can view the selected datasets.

info

If you see inaccurate or empty counts in the cluster, see the Troubleshooting section for information about the potential causes of the issue.