Loading...
Back

About accounts and policies

AWS WAF ClassicAWS WAF v2AzureGoogle CloudOld PlanNew PlanAdvancedLegacyFeature / Spec.

Overview

There are several types of accounts in WafCharm. This article explains each account and type.

Types of accounts

  • Owner role account
  • Member role account

Owner role account

An owner role will be automatically assigned to an account when you sign up for WafCharm.

An owner role account can use all features within WafCharm, including member account and payment management.

This account will always have owner role and owner policy (permissions).

Member role account

An account created as a child account associated with the owner account.

Member accounts will be assigned permissions using policies. The selected policy determines what the account can do on the WafCharm Console.

This account has a Child Member role.

Limitations and Notes

  • The owner policy attached to an account cannot be changed.
  • The owner policy cannot be assigned to other member accounts.
  • Existing users with owner role accounts cannot switch to member role accounts.
  • All accounts require valid email addresses.
  • An email address used by a WafCharm account cannot be reused by another account. It must be unique within the whole WafCharm system so the email addresses used by other owner role accounts or member role accounts cannot be used again.

Policies

Policies are attached to member accounts.

The attached policies determine what action can be taken on a specific resource.

Target resources

Resources managed on the WafCharm Console are as follows.

Accounts with owner or manager permissions can manage member accounts and policies in addition to the resources below.

  • Credential Store
    • This is used to register credential information for WafCharm to access your web ACLs and other necessary resources.
  • WAF Config
    • This is used to register web ACL information.
  • WAF Config Notifications
    • This is used to configure notifications and email addresses to notify when using the WAF log alert feature.
  • Web Site Config
    • This is used to register where to obtain access logs from.
  • Web Monitoring Config
    • This is used to configure the web monitoring feature.
  • Monthly Reports
    • This is used to view the monthly report when the feature is enabled.

Types and descriptions of policies

Each policy has permissions below for the resources stated above. There are two types of policies, and a limited policy can limit the WAF Config the user can manage.

Default policies

Policy type

Description

Owner

Has all operating permissions. It allows you to manage your members and policies.

Manager

Has all operating permissions. It allows you to manage your members and policies.

Developer

Has all operating permissions.

Editor

Has read / update permissions.

Reader

Has read permissions.

Limited policies

Up to 100 policies can be created.

Policy type

Description

Limited Developer

Has read/update permissions for the authorized WAF Config. Has permission to create Web Site Configs for an authorized WAF Config.

Limited Editor

Has read/update permissions for the authorized WAF Config.

Limited Reader

Has read permissions for the authorized WAF Config.