Lansweeper provides granular access management options that allow you to control who can sign in to your site, what actions they can perform, and which assets they can view.
This article covers the key concepts of access management in the Lansweeper Platform, including accounts, roles, permissions, scopes, and groups, and how they work together.
This article describes how to manage member accounts with access to your Lansweeper Site. It does not cover user assets discovered during scans of Microsoft environments or directory services such as Active Directory or Azure AD. Those scanned users appear as asset data, not as site user accounts. For more information on managing user assets, see Create user views.
Why access management matters
It is important to control your access management for your Lansweeper Platform because it helps you:
Protect sensitive asset and inventory data.
Follow the principle of least privilege by giving users only the access they need.
Simplify administration by managing permissions centrally instead of per user.
Securely support collaboration across teams, regions, and departments.
Key concepts of access management in Lansweeper
Asset scopes
Asset scopes determine which assets an account can access.
You can define scopes based on criteria such as:
Asset type (for example, servers, Windows devices, network equipment)
Domain or subnet
Installation or scanning target
Location
If no asset scopes are configured, accounts can see all assets in their inventory. By adding scopes, you restrict the assets an account can view.
Permissions
Permissions control the features an account can access and the actions they can take.
As part of permissions, you can control an account’s ability to:
View and edit assets
Create and delete dashboards
View configuration details
View and export vulnerabilities and lifecycle details
If no permissions are configured, member accounts will not have access to any feature of your Lansweeper Site. By adding permissions, you grant member accounts more access to your site.
Roles
A role defines what someone can do and see in Lansweeper.
Roles combine:
Permissions: The specific actions a member can perform, such as manage assets or view dashboards.
Scopes: The assets where those actions apply.
By assigning a role to an account member or group, you control their effective permissions across your site.
Accounts
An account represents an individual person with access to your Lansweeper Site.
Each account has:
A unique email address for authentication.
A role or multiple roles that determine what the account can do.
An optional ability to be included in an account group.
Account groups
An account group is a container for multiple member accounts that share the same roles.
Groups help you:
Assign and update access for teams or departments at once.
Keep user management consistent as people join or leave the organization.
You can assign one or more roles to an account group. Every account in that group inherits its permissions and scopes.
Recommended workflow
We recommend the following workflow for working through access management:
Plan your access structure by identifying the various team members you want to grant access to your site, and what type of access they need to be successful.
Create asset scopes to define which assets can be viewed.
Manage roles by assigning permissions and scopes to match job functions.
Create account groups to organize member accounts that share the same role.