
Assets

An asset refers to an electronic record that describes a network device, an account, or any other physical or logical entity used for securely storing data. Additionally, an asset can function as a container for logically grouping other assets, facilitating navigation and configuration tasks.

Every asset must be categorized under one of the predefined asset types. This categorization determines the metadata requirements and behavior of each asset through an inheritance model in which the Asset Type is the parent and the Asset of that type is the child.

Container assets, designated by a specific indicator, also need to belong to one of the predefined asset types. Assets categorized as containers can be linked to other containers, establishing an asset hierarchy crucial for navigation and configuration. Security settings and policy configurations are inherited throughout this hierarchy of containers.

The Asset Database page shows the list of assets within the selected container. If there are sub-containers listed, click on their names to navigate into them. The list of assets may span multiple pages, so utilize the pagination controls to navigate or adjust the page size. Use the Filter option to refine assets within the selected container, and use the Search feature to find assets across multiple containers.

Creating a new Asset

To create a new Asset:

  1. Log in with an Administrator, Asset Manager or an account with permission to create an asset in a container.
  2. Navigate to Database > Asset and then navigate into the container where the asset is to be created. Note that the top level container of the page Database > Asset is named Root Container.
  3. From within this container, click the Add button to open the drop-down menu and select the Asset Type that will be used to create the new asset. Use the Asset Type Container to create a new container.
  4. Once the Asset Type is selected, the Add Asset page will open. Enter the values into this form to create your asset. When you are done, click the Save button to create this asset as a Major version (1.0) or use the Save Draft button to create this asset as a Minor version (0.1). Depending on the Asset Type's configuration, you may have more or fewer fields to populate; use the guidance provided by each field for additional information. You may have fields like these to populate:
    • Name: enter a recognizable name for this asset.
    • Description: optionally, enter a comment or details about this asset.
    • Base Asset: the asset that defines field values for matching fields. The base asset's type has to be the parent of the current asset type for the fields to match.
    • Host: network device host name or IP address to communicate with this endpoint.
    • User: user or account name that can communicate with this host.
    • Password: password of the user or account name.
    • Private Key: private key used to authenticate the provided user.
    • Tags: assign tags to this label. Use the Preview icon to open this asset's Policy Query Preview window to review applicable policies.

Asset and Container Permissions

Once an asset or container exists, you can apply permissions to it.

Before you begin managing permissions, you first need to understand the asset's current inheritance. In the software, assets and containers are created with their permissions inherited from their parent by default. This means that if you want to modify permissions on an asset, you have two options:

  1. Modify permissions on the asset's parent, which will then be inherited down to this asset. Note that you may need to navigate up to the parent's parent, or higher, to modify the permission that cascades down to all child objects.
  2. Break inheritance on this asset which allows permissions to be made unique to this object (and any child objects that inherit from it).

Next, it is important to understand the available levels of asset permissions. Below is a breakdown of these permission levels.

Asset Permissions and Visibility

  • Asset Role: defines the access level a grantee has to the asset.

    • No Asset Permission - the grantee has no permissions to the asset
    • Asset Viewer - the grantee has permissions to view non-secret properties of the asset and to list the content of the container
    • Asset Supervisor - in addition to the previous levels the grantee has permissions to view secret properties of the asset
    • Asset Editor - in addition to the previous levels the grantee has permissions to edit the asset. Editor can only save new assets to a Draft (minor) state.
    • Asset Manager - in addition to the previous levels the grantee has permissions to manage asset permissions. Manager can save new assets to a Draft (minor) or Major state.
    • Asset Owner - the grantee has all permissions to the asset
  • Container Role: defines the access level a grantee has to the container.

    • No Container Permission - the grantee has no permissions to the container
    • Container Viewer - the grantee has permissions to list container content
    • Container Asset Creator - in addition to the previous levels the grantee has permissions to create assets in the container
    • Container Creator - in addition to the previous levels the grantee has permissions to create containers in the container
  • Execute Role: defines the access level a grantee has to asset tasks.

    • No Execute Permission - the grantee has no permissions to the asset tasks
    • Execute Operator - the grantee has permissions to execute asset tasks
    • Execute Supervisor - in addition to the previous levels the grantee has permissions to edit asset tasks
    • Execute Manager - in addition to the previous levels the grantee has permissions to create asset tasks
  • Container Visibility: indicates that the container is visible to the grantee in the asset list of its parent container. Unlike Asset Permissions, Container Visibility Permissions are not inherited down the container hierarchy but are always unique for each container. This makes it possible to grant users permission to see the container path that leads to the assets they have permissions to, without compromising the visibility of other assets and containers.

Modifying Inherited Permissions

If you choose to retain permission inheritance, then you must navigate up to the asset's parent where the permissions are configured. To perform this operation:

  1. From the asset's Actions menu, choose the Permissions option.
  2. Above the asset's permission list, observe the permission inherited message. The example below indicates that the Database server asset's permissions are inherited from its parent container Network East.

Permission Inherited Message

  3. Use the Network East link (the parent asset name) to navigate up to this parent. You may need to navigate up one or more parent levels until you reach the location where the permissions reside; from there you can modify them as needed.

Clicking on Network East navigates up to its parent container Production, where the permission is inherited from.

Permission Inherited Message

Finally, you see the Unique permissions message on the Production asset, indicating that this is the top level asset from which the original Database server asset inherits its permissions.

Permission Inherited Message

Now, from this Production asset's permission list you can modify permissions. Permissions modified on Production are inherited down to Network East and from there down to the Database server asset, along with any other child objects in any asset or container of Production. To grant a permission:

  1. From this top level parent with unique permission, click the Grant button.
  2. Select the User or Group that will be granted a permission role to this asset.
  3. Assign a permission level for each available role parameter. Refer to the previous Asset Permission for details of each level.
  4. Click the Grant button to complete this operation.

To confirm, navigate down to the original Database server asset, open its Permission action and observe that the permission granted on the parent is visible on this child via the inheritance model.

Breaking Permission Inheritance

Rather than maintaining permission inheritance, you can choose to break inheritance on an asset (or container) providing the option to create unique permissions directly on that object. To break inheritance:

  1. From the asset's Actions menu, choose the Permissions option.
  2. On this Asset Permission page, click the Make Unique button. The permission inherited message will now change to the Unique permissions message, indicating that the inheritance is now broken. Also, the Make Unique button will change to an Inherit button which, when clicked, re-establishes permission inheritance from the parent, removing all unique permissions on this asset during the operation.
  3. Now, you can click the Grant button to begin creating unique permissions on this asset or you can use the Revoke action to remove permissions that were left after inheritance was broken.
  4. Assign permission to this asset as required and click the Grant button to complete this operation.

Note

When an asset's inheritance permission is broken or made unique, it no longer inherits from its parent. However, permissions assigned directly to this now-unique asset will be inherited down to its child objects.
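
The inheritance rules described above, modelled as a small Python sketch (an added example, not the product's code or API; the Node class, its methods and the ops-team grantee are hypothetical, while the asset names and role levels are the ones used on this page). It shows that permissions left on an asset after Make Unique stay in force until they are revoked, and that Inherit discards them again.

```python
from dataclasses import dataclass, field
from typing import Optional

# Asset Role levels in the order this page lists them (lowest to highest).
ASSET_ROLES = ["No Asset Permission", "Asset Viewer", "Asset Supervisor",
               "Asset Editor", "Asset Manager", "Asset Owner"]

@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    unique: bool = False                        # True after "Make Unique"
    grants: dict = field(default_factory=dict)  # grantee -> Asset Role

    def permission_source(self) -> "Node":
        """Walk up the hierarchy to the object that holds unique permissions."""
        node = self
        while not node.unique and node.parent is not None:
            node = node.parent
        return node

    def asset_role(self, grantee: str) -> str:
        return self.permission_source().grants.get(grantee, ASSET_ROLES[0])

    def make_unique(self) -> None:
        """Break inheritance; previously inherited grants remain until revoked."""
        self.grants = dict(self.permission_source().grants)
        self.unique = True

    def inherit(self) -> None:
        """Re-inherit from the parent, removing all unique permissions."""
        self.grants, self.unique = {}, False

def can_view_secrets(node: Node, grantee: str) -> bool:
    # Secret properties are visible from Asset Supervisor upward.
    return ASSET_ROLES.index(node.asset_role(grantee)) >= ASSET_ROLES.index("Asset Supervisor")

def demo():
    production = Node("Production", unique=True, grants={"ops-team": "Asset Editor"})
    network_east = Node("Network East", parent=production)
    db = Node("Database server", parent=network_east)
    before = (db.permission_source().name, db.asset_role("ops-team"))
    db.make_unique()                                # break inheritance
    production.grants["ops-team"] = "Asset Viewer"  # parent change no longer reaches db
    after_break = db.asset_role("ops-team")         # leftover grant still applies
    db.grants.pop("ops-team")                       # Revoke on the unique asset
    after_revoke = db.asset_role("ops-team")
    db.inherit()                                    # back to the parent's permissions
    return before, after_break, after_revoke, db.asset_role("ops-team")
```

When reviewing an asset that shows the Unique permissions message, compare its grant list with the nearest ancestor's: entries copied at the time inheritance was broken do not follow later changes made on the parent.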

Asset Actions

This section details the list of Actions that are available for Assets. If an Action is specific to a Container only, that is noted in the description; otherwise these are Asset specific actions available from the Actions menu of the Asset List or from the Asset View page.

  • List: (Container only) opens the container and displays the list of child objects.
  • View: opens the asset.
  • Edit: edits the asset.
  • Demote Major: demotes a major version to a minor version.
  • Promote Major: promotes a minor version to a major version.
  • History: opens the change history of the object with a Restore action.
  • Request Selectors: opens the Request Selectors page to assign an approval process to a user attempting to access an action on this asset.
  • Peer Nodes: opens the Peer Nodes page to delegate remote job execution to an available Peer Node.
  • Copy: copies the selected asset(s).
  • Cut: moves the selected asset(s).
  • Paste: pastes the selected asset(s) to a new location, creating a copy of the original.
  • Link: symbolically links the selected asset(s) to a new location, creating a link back to the original.
  • Tag / Untag: apply a new tag or remove a tag from the selected asset(s).
  • Execute: initiates an interactive task execution of the chosen script on the single asset or on multiple selected (bulk) assets.
  • Import: (Container only) initiates an Import operation to this container.
  • Permissions: opens the permission page of this asset where new roles can be added or revoked and inheritance can be broken or re-established.
  • Container Visibility: opens the visibility page to assign users or groups a role to view the container hierarchy despite the permission relationship.
  • Tasks: opens the asset's task list to manage tasks, scripts and scheduling capabilities of an asset.
  • Events: opens the Event Report specific to the events generated by this asset.
  • Jobs: opens the Job Report specific to the jobs executed from this asset.
  • Statuses: opens the Statuses Report specific to the statuses captured from this asset.
  • Workloads: opens the Workloads Report specific to this asset.
  • Connections: opens the Connections Report specific to this asset.
  • Summary Report (Reports > Summary)
    • From Asset: opens an aggregated Connections report that groups connections to the same port from multiple different high-numbered ports and includes the count of connections, simplifying the view of the connections on the selected asset.
    • From Container: opens the list of connection reports along with the inter-asset connection chart for the assets located in the selected container and its sub-containers.
  • Firewall: opens the Firewall Report specific to this asset.
  • Enforce Policies: this option is used to enforce policies on this asset. Enforce Policies disables default firewall rules on the asset and should be used after an affecting policy is published to secure the asset.
  • Restore Original: this option restores or re-enables disabled default firewall rules that were disabled from the Enforce Policies option.
  • Apply Policies: this option finds all policies affecting the specific asset, applies each policy only to this selected asset to generate necessary firewall rules and finally, the action publishes the rules to the asset endpoint. This is useful as a way to limit the policy application to one specific asset without affecting other assets that might be targeted by the policies and without affecting the policy's status.
  • Request Service: an option that allows a user to request time-limited access to this asset through a specific service or workload.
  • Delete: deletes the selected asset or container. In the case of a linked object, delete removes the link between the selected object and its current parent. When this is the last link from the object to its parent, the operation will delete the object itself from the asset database. This action cannot be undone.
  • Deep Delete: performs a deep delete operation on the selected object. When the object is a container, it will delete this container and all its child objects in a single operation. When the object is linked, it will delete this selected object and all its links to parent objects in a single operation. The action cannot be undone.

Searching Assets

Users can use the Search... box to perform a quick search within the current container, and any child containers, to locate assets matching the query.

Searches can be performed using the following query types:

  • Query searches, the default type for all users, take a text string and locate assets and containers that contain it. Every container or asset with this string in its Name, Description, Host, User, Tags or any other non-secure custom field appears in the results.

Note

Asset Viewer permission or higher to an asset is required for it to appear in the user's search results.

  • Asset searches take a text string and locate only assets that contain it. Every asset with this string in its Name, Description, Host, User, Tags or any other non-secure custom field appears in the results. Containers are excluded from this query.

  • Container searches take a text string and locate only containers that contain it. Every container with this string in its Name, Description or any other non-secure custom field appears in the results. Assets are excluded from this query.

  • Taxonomy searches use a term picked from the chosen Taxonomy. Use the Taxonomy Picker to select the Taxonomy Term, or begin typing it and use the Type Ahead picker to select the term for the search. Every asset tagged with the selected term in its Tags field appears in the results.

Note

Taxonomy based search is only available for users with the Space Role Administrator, Auditor or Asset Manager.