Manage Teams, Roles, and Service Accounts

The use of teams provides a strategic way to organize groups, streamline workflows, or protect data, as needed by an organization. Administrators who design and implement teams should have an in-depth knowledge of organizational infrastructure and goals.

Teams and roles must be assigned separately in Sysdig Monitor and Sysdig Secure.

For more information, including foundational concepts, see User and Team Administration.

Teams Overview

On the Teams page, you can create, modify, and review teams. The page is divided into two parts. The Summary section displays statistics and information about the default team. Underneath, there is a searchable list of all teams.

The Summary displays:

  • Number of teams: This is a total number of teams in all available Sysdig products.
  • Secure Default team: Shows the default Secure team. Click View Team to review the configuration and make changes. Note: Available only for Secure customers.
  • Monitor Default team: Shows the default Monitor team. Click View Team to review the configuration and make changes. Note: Available only for Monitor customers.

Create a Team

  1. Log in to Monitor or Secure as Admin.

  2. Select Settings from the user menu.

  3. Select Teams.

  4. Click Add Team.

  5. Enter the team name, configure the team details, and click Save.

    For more information on each configuration option, see Team Settings.

    You will not be able to assign users or create service accounts until you provide at least a name and click Save.

Team names must be unique across Monitor and Secure. If you attempt to create a team in Secure with the same name as one created in Monitor, you will see an error message stating that a team with the same name already exists and you will be prevented from creating the team.

Edit a Team

  1. Log in to Monitor or Secure as Admin.

  2. Select Settings from the user menu.

  3. Select Teams.

  4. Select a team to edit from the team list.

    You can use the search box to find the specific team.

  5. Select the option Edit team from the three dot menu on the right side.

  6. After making the necessary changes, select Save to save the changes.

Team Settings

SettingRequiredDescription
ColorYesAssigns a color to the team to make them easier to identify in a list.
NameYesThe name of the team.
DescriptionNoEnter a description for the team.
Default TeamNoIf this is toggled on, users that are not assigned to any team will be added to this team by default.
Default User RoleNoThe default role given to users added to this team. You can choose either Custom Roles or Sysdig Team-Based Roles. Advanced User is the default.
Default Entry PointYesSelect which page of Monitor opens first when a user logs in through this team. The default is Explore.

To select a dashboard, open the secondary Dashboard drop-down, or type the name of the dashboard to select it. The drop-down is only populated with shared dashboards accessible to everyone on the team.

This setting is only available in Monitor.
ZonesYesZones are in Controlled Availability for Teams. Contact Sysdig Support to request access. This is an experimental feature, and will not work for Vulnerability Management (VM) and Threat Detection. To learn more, see Team Zones.

Select zones to allow the team to see data in different Secure modules.

Select All Zones to give the team total visibility.

Otherwise, chose Selected Zones to give your team permission to view particular areas.

You can create new zones and edit existing zones in Inventory > Zones.
Team Scope (Legacy)YesDetermines the highest level of the data to which team members will have visibility.

Agent Metrics: If set to Host, Team members can see all Host-level and Container-level information. If set to Container, Team members can see only Container-level information.

Prometheus Remote Write Metrics: Visible if Prometheus Remote Write is enabled for your Monitor account. Use this option to determine what level of Prometheus Remote Write data your Team members can view.

You can further limit what data team members can see by specifying tag/value expressions for metrics for each data source. The drop-down menu defaults to is, but can be changed to is not, in, contains, and so on. Complex policies can be created through AND chains of several expressions.

Note that making changes to the Team Scope settings can have a dramatic impact on what’s visualized in the pre-configured Team’s Dashboards, so you may want to carefully review these before and after your change.

Note that Vulnerability Reports can only be created from the following filters:
  • kubernetes.cluster.name

  • kubernetes.pod.name

  • kubernetes.pod.container.name

  • kubernetes.workload.name

  • kubernetes.workload.type

  • cloudProvider.account.id

  • cloudProvider.region

  • host.hostName

  • kubernetes.cluster.name

  • cloudProvider.account.id

  • cloudProvider.name

  • cloudProvider.region

  • registry.image.repo

  • registry.name

  • registry.vendor

Additional PermissionsNoSysdig Capture: Enable this option to allow this team to take Sysdig Captures. The Captures will only be visible to members of this team.

WARNING: Captures will include detailed information from every container on a host, regardless of the team’s Scope.

Agent CLI: Enable this option to give this team access to Using the Agent Console.

Infrastructure Events: Enable this option to allow this team to view all Infrastructure and Custom Events from every user and agent. Otherwise, this team will only see infrastructure events sent specifically to this team.

Rapid Response: Enable this option to give this Secure team access to Rapid Response. See Rapid Response.

AWS Data: Enable this option to give this team access to AWS metrics and tags. All AWS data is made available, regardless of the team’s Scope.

Team Users

Manage the members of a team from the Team Users page. Here, administrators can add and remove users, configure roles, and review team members.

Users added in Sysdig Monitor will appear in the full list of users for both Sysdig Monitor and Sysdig Secure, if both products are in use. However, users will not have login access to Sysdig Secure until they are added to a Sysdig Secure team.

Assign a User to a Team

Users can be assigned to multiple teams. To add a user to a team:

  1. Log in to Sysdig Monitor or Sysdig Secure as Admin.

  2. Select Settings from the user menu.

  3. Select Teams.

  4. Find the relevant team on the list, or use the search box, and then select the relevant team.

  5. In the Team Users section, click Assign User.

  6. Select the user from the User drop-down list.

    The drop-down list supports searching. You can select only one user at a time.

The user list contains all users, including Admin users. Admin users are already members of all teams, so those are disabled.

If you select a user who is already a member of team and add this user with a different role, the system replaces the existing user role with the newly selected role.

  1. Click the Role drop-down menu to select the User Role. The role list includes Custom Roles.

  2. Optional: Repeat steps 5 to 7 for each additional user.

  3. Click Save.

Update a User Role

To change the role of a user in a team:

  1. Find the user from the Team Users list.

    You can use the search box.

  2. Click on the three dot menu on the right, and select Update role.

  3. Select the preferred role from the Role dropdown.

  4. Click Save.

Remove a User from a Team

To remove a user from a team:

  1. Find the user from the Team Users list.

    You can use the search box.

  2. Click on the three dot menu on the right, and select Remove user.

  3. Click Yes to confirm.

Service Accounts

Applications or scripts can use Service Accounts to access Sysdig APIs. Service accounts are not bound to a user, but to a team. You can generate as many team service accounts as you need. Each service account has exactly one role.

Service Accounts are team-based and are available when editing a team.

Unlike users, service accounts have no permissions out of the box. They only have the permissions granted by the role you assign them. In addition, these tokens are not retrievable after they are generated and have a pre-defined retention time.

Create a New Service Account

  1. Log in to Sysdig Monitor or Sysdig Secure as Admin.

  2. Select Settings from the user menu.

  3. Select Teams.

  4. Find the relevant team on the list, or use the search box, and then select the relevant team.

  5. In the Service Accounts section, click Add service account.

  6. Define the following:

    • Name: Arbitrary token name
    • Role: Any role. See Team Based Roles and Privileges
    • Expiration: Click to open a calendar, where you can choose a date for the service account to expire.
  7. Optional: Repeat steps 5 to 6 for each additional service account.

  8. Click Save.

Delete a Team

When a team is deleted, some users may become “orphans”, as they are no longer a part of any team. These users will be moved to the default team.

The default team cannot be deleted. A new default team must be selected before the old default team can be deleted.

To delete a created team:

  1. Log in to Monitor or Secure as Admin.

  2. Select Settings from the user menu.

  3. Select Teams.

  4. Select the relevant team from the list, or

    You can search for it with the search box.

  5. Click Delete Team, then Yes, delete to confirm the change.

User Roles

For a detailed overview of roles, review Team-Based Roles and Privileges

Note that:

  • Advanced User permissions can be further refined into either a View-only User or a Team Manager.

  • Managers can add or delete members from a team, or toggle members' rights between Edit, Read, or Manager.

  • Admins have universal rights and are not designated as Team Managers, Advanced Users, View-Only Users, or Standard Users.

  • Manager or Advanced User permissions can be assigned even to Pending users; administrators do not have to wait for the user’s first login to set these roles.

To assign a role to a user on a team, see Assign a User to a Team