The Anchore Enterprise 5.6 release features updates to account management that enable administrators to context switch fast; analyzing and troubleshooting multiple datasets across multiple accounts. And allow users to share data across accounts easily and safely.
Improve data isolation and performance with accounts and role-based access controls
Accounts are the highest level object in the Anchore Enterprise system. Each account has its own SBOM assets, users, policies, and reports that are siloed from other accounts in the system. Admins can separate their environment into different accounts based on teams, business units, projects, or products. With accounts, admins can isolate data to meet data security requirements or create workflows that are customized to the data flowing into that account.
Accounts allow secure data sharing in a single system. On top of that it enables performance improvements by reducing the total amount of data that is processed when updating records or generating reports.
Each account can have users and roles assigned. Admins create users and set identification as well as permissions. Users have roles assigned that may have custom rights or privileges to data that can be viewed and managed within the account.
Leveraging account context to improve remediation and visibility
In Anchore Enterprise an account object is a collection of settings and permissions that allow a user to access, maintain and manage data. Anchore Enterprise is a multi-tenancy system that consists of three logical components (accounts, users and permissions) providing flexibility for users to access and manage their data.
On occasion users may need to access information that resides outside of their own account. To investigate or troubleshoot issues and to manage data visibility across teams, allowing account context is crucial. Within the Anchore Enterprise UI, the Account Context option enables “context switching” to view SBOMs, analysis, and reports of different accounts while still retaining the specific user profile.
Also standard users are now provided with an additional level and vector of access control.
Adding Account Context in the URL
Until now the URLs in Anchore did not include account context which caused limitations to sharing data across accounts. Different users within the same account or users who were not part of the same account had to manually navigate to resources that were shared.
In Anchore 5.6, account context is now included in the URL. This simplifies the workflow for sharing reports among users who have access to shared resources within the same or across different accounts.
Example Scenario
1. Create an account TestAccount and added a user TestUser1
2. Analyze the latest tag for Ubuntu under TestAccount context as username admin.
http://localhost:3000/TestAccount/artifacts/image/docker.io/ubuntu/latest/sha256:d21429c4635332e96a4baae3169e3f02ac8e24e6ae3d89a86002d49a1259a4f7
3. Log out of username admin
4. Paste the URL for the image analysis page above
5. Log in as username TestUser1
6. You will now be directly navigated to the Image analysis page
7. Verify top right that you are under username TestUser1
8. If you are trying to access a link without having access to the resource, you will receive an error message on the top right corner of the UI.
Please feel free to review our release notes for other notable updates and bug fixes in Anchore Enterprise 5.6.
