You can use domains to segregate data in your Cloud Workload Protection account between different entities of your organization.
A domain is a logical partition that facilitates segregation of organizational data in your account. Create domains and assign specific users to particular domains as per your requirement. The settings and configurations that you have done in the product is available only to the domain where you belong. For example, you have two domains - A and B. The connections, instances or buckets, policy groups, and all other settings that the users of domain A have configured are available only to the users of domain A. The domain B users do not get access to any of the domain A settings.
When you subscribe to the Cloud Workload Protection product suite, you get two out-of-the-box domains. One of the domains is your default domain and the other is a general-purpose domain called Symantec Launchpad. The Symantec Launchpad domain helps you to get started. If you want to add domain users, then you must switch over to Symantec Launchpad domain to explicitly add the users. You can also create new domains and see the list of available domains on the Settings > Domains page of the Cloud Workload Protection console. You must be on the default domain and have the Super Administrator role to create or see the domains. The first user of the product always has the Super Administrator role. The Super Administrator can create additional Super Administrator users from the Settings > Users page of the Cloud Workload Protection console. The Super Administrator role is visible only when you create users in the default domain.
At a glance, the default domain provides the following additional abilities for Super Administrator users than any other domain:
Create and view domains (Settings > Domains)
Create Super Administrator users (Settings > Users)
Push policy groups to other domains (Policies)
View the subscription and usage details for all domains (Settings > Subscription and Usage)
Creating, viewing, and switching domains
If you have the Super Administrator role and are on the default domain, you can create and view the available domains in your account.
To create and view domains
On the Cloud Workload Protection console, go to Setting > Domains.
The Domains list displays a list of the available domains in your account.
To create a new domain, press Create Domain and enter the details.
You can select an existing user or create a new user to assign to the new domain.
Once the domain is created, it'll be available in the Domains list. You cannot edit or delete a domain.
To assign additional users to the new domain, switch to the domain and create new users from the Settings > Users page.
If you are a part of multiple domains, ensure that you select the right domain each time you log on. Cloud Workload Protection does not preserve the domain you were working on in your last session.
To switch the domain, press the drop-down menu next to the user menu on the top of the Cloud Workload Protection console.
Set up AWS, Azure, or GCP connections on the new domain and apply policy groups to secure the instances. Perform the next step if you want to push any custom policy group from the default domain to the new domain. Pushing a policy group makes the policy group available in both the domains.
To push a policy group:
On the Policies page, hover the mouse pointer over the policy group that you want to push.
In the selected policy group row, press Push to Domain button that is on the right-most side of the row.
Select the domain and press Push.
Creating a Super Administrator
You must be on the default domain to create Super Administrator users.
To create a Super Administrator
On the Cloud Workload Protection console, go to Settings > Users.
Press the + icon.
Enter the user details and select the role as Super Administrator.