New CloudGuard Dome9 Feature: Granular onboarding permission
Dome9 now allows to assign a granular permission for onboarding Cloud accounts to Users and Roles.
The permission allows customers to create a dedicated, security tightened Dome9 roles (and users) that would be limited to onboarding cloud accounts. If not allowed to access other resources, these roles would not be able to view or manage any information other than the account they onboarded.
A typical use case for using the new permission is allowing a DevOps team to onboard newly created cloud accounts (as part of the CI/CD pipeline) to Dome9. In some cases the security team would not allow the DevOps team to view security and compliance related information in Dome9. With the new permission it is possible to restrict the role to onboard cloud accounts.