Managing Data Scopes

Use data scopes to let users see only data relevant to them or their role. A data scope is a subset of all the data in your environment. Users assigned to a specific data scope can only see the data available to that scope.

Data scopes are useful, for example, when there are different teams, departments, or geographic regions in an organization that each need access to specific assets. While you want a single instance of Axonius installed for your organization, you want each team, department, or geographic region to see only information about its own assets, thereby creating a closed environment for each.

Each data scope has separate entities: queries, dashboards, Enforcement Sets, and reports. When a data scope is first created, it is empty and does not include any of these entities. Access to each entity is determined by the permissions assigned when it is created. Entities can also be moved from one permission level to another.

Data Scope Types

There are two types of data scopes:

  • Global Data Scope - Users assigned the global data scope have access to all assets in the environment. Any role can be assigned the global data scope. The global data scope is created by Axonius and is not defined by an asset scope query.
  • All other data scopes - These are all other data scopes you create. A user assigned to a data scope can only see the information contained within that scope.

Note:

  • When a user is assigned to a specific data scope, the following permissions are not available:

    • System Management

    • Activity Logs

    • Sharing data across data scopes

  • When a user with User Admin permissions is assigned a data scope, that user can create and manage users within the data scope.

  • Resources, such as dashboards and queries, that have access permissions of Private are available only to the user who created them and only within the data scope where they were created.

  • Adapter Fetch History saved queries

Accessing the Data Scopes Page

Data scopes are listed on the Data Scopes tab of the Data Scopes page.

To access the Data Scopes page:

  1. From the top right corner of any page, click . The System Settings page opens.
  2. In the Categories/Subcategories pane of the System Settings page, expand User and Role Management, and select Data Scopes.
  3. The Data Scopes page is displayed with the Data Scopes tab selected.
  4. The Data Scopes page has two tabs: Data Scopes and Data Scope Profiles. See Data Scope Profiles for more about using profiles.

The Data Scopes tab provides the following information:

  • Data Scope Name - The name of the data scope.
  • Users - The number of users who have access to the data scope.
  • Visit Data Scope - Indicates whether users not assigned the data scope as their Main data scope can visit this data scope.
  • Last Updated - The time stamp indicating when the data scope was last updated.
  • Updated By - The user who last updated the data scope.
  • Created At - The time stamp indicating when the data scope was created.
  • Asset Scope Device Queries - The asset scope device queries used by the data scope.
  • Asset Scope User Queries - The asset scope user queries used by the data scope.