Capabilities
Access management in SBOM Insights provides the following capabilities:
• Organizing Users into Groups to Simplify Role Management
• Role Inheritance
• Simplified User Roles
• Ability to Add Users at an Account Level
For details on known limitations in SBOM Insights management, refer to Known Limitations.
Organizing Users into Groups to Simplify Role Management
You can organize users into groups based on your organizational needs or other criteria and assign specific roles to the groups. This simplifies the management of roles across your Organization compared with assigning roles to individual users. This is known as Role Inheritance.
For related information, refer to the following sections:
• Adding New Users
• Creating and Managing Groups
• Downloading a User Role Report
Role Inheritance
Role inheritance is a powerful feature for granting roles to a user across all accounts in an Organization. Simply grant the necessary role at the Organization level and the role will be inherited down to all accounts within it.
In SBOM Insights, all inherited roles are shown explicitly and can only be modified at the level they were assigned.
To view role inheritance:
1. Go to the User Management page (Administration > Identity Management > User Management).
2. Click a user record link in the Email Address column.
   A slideout is displayed showing user details.
3. Click the Roles tab.
A list of roles available in SBOM Insights is displayed, grouped by capability. These accordion sections of capabilities can be minimized or expanded. Any roles that are checked are currently granted to that user.
If the Inherited Role icon appears next to a role, it means either of the following depending on what section of the page you are on:
• The role is inherited from a group (if you are in the section showing Roles for organization: organization name at the top of the page).
• The role is inherited from the Organization or a group (if you are in the section showing roles for Accounts at the bottom of the page).
As long as the user is a part of an account or group with this role, they will have the inherited permissions. You can click the Inherited Role icon to view the group name from where the role is inherited.
You can also click the Inherited Role link to drill down to the Groups page, which shows details of the group from which the role is inherited.
Simplified User Roles
Out-of-the-box roles can be given to users as well as groups at the account and Organization levels. These roles are also displayed by categories: Platform Administration, Software Bill of Materials, and SCA Data Library. For more information, see SBOM Insights Roles.
Ability to Add Users at an Account Level
The Accounts page (Administration > Identity Management > Accounts) lets you add users to accounts and also manage roles at the group level within any selected account.
Known Limitations
Currently, there is one known affiliation limitation in SBOM Insights access management. That is, some users in your Organization user list might not have access to any account in your Organization. They exist in this list because at some point in the past they were granted a role or invited to an account. You can remove such users from your Organization by simply deleting them.
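The role inheritance rules and the affiliation limitation described above, modelled as an added Python example. It is not SBOM Insights code and calls no product API; the data layout, function names, account names, group name and role names are assumptions made for illustration.

```python
# Illustrative model of the inheritance rules described above.
# Not SBOM Insights code or API; every name and value here is constructed.
ORG = "ORG"  # scope marker for Organization-level grants

def effective_roles(user, accounts, memberships, grants):
    """Return {account: {role: [sources]}} for one user.

    grants: (principal, scope, role) tuples; principal is a user or a group,
    scope is ORG or an account name. Each source names the level where the
    grant was made, i.e. where it would have to be changed.
    """
    via = {user: "direct"}
    for group, members in memberships.items():
        if user in members:
            via[group] = f"group:{group}"
    result = {}
    for principal, scope, role in grants:
        if principal not in via:
            continue
        level = "organization" if scope == ORG else f"account:{scope}"
        # An Organization-level grant is inherited by every account.
        for account in (accounts if scope == ORG else [scope]):
            sources = result.setdefault(account, {}).setdefault(role, [])
            sources.append(f"{via[principal]}@{level}")
    return result

def unaffiliated_users(org_users, accounts, memberships, grants):
    """Users in the Organization list with no role in any account."""
    return [u for u in org_users
            if not effective_roles(u, accounts, memberships, grants)]

# Constructed sample data (role names are placeholders, not product roles).
ACCOUNTS = ["acct-build", "acct-release"]
MEMBERSHIPS = {"sbom-reviewers": {"dana@example.com"}}
GRANTS = [
    ("alex@example.com", ORG, "role-admin"),
    ("sbom-reviewers", "acct-build", "role-viewer"),
    ("dana@example.com", "acct-build", "role-viewer"),
]
ORG_USERS = ["alex@example.com", "dana@example.com", "lee@example.com"]

if __name__ == "__main__":
    for user in ORG_USERS:
        print(user, effective_roles(user, ACCOUNTS, MEMBERSHIPS, GRANTS))
    print("unaffiliated:",
          unaffiliated_users(ORG_USERS, ACCOUNTS, MEMBERSHIPS, GRANTS))
```

A role that lists more than one source stays in effect until every one of those grants is removed at its own level, which is worth checking before assuming a revocation has taken effect.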