| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-10-07 |
scope, subscope, view results access, |
security-compliance |
{{site.data.keyword.attribute-definition-list}}
{: #subscopes}
To run an evaluation by using {{site.data.keyword.compliance_full}}, you must target the specific resources that you want to scan by creating a scope. After your scope is created, you can segment your scope into subscopes that can be used to limit access to scan results. To learn more about scopes and best practices, see Best practices. {: shortdesc}
Only {{site.data.keyword.cloud_notm}} scopes can be segmented into subscopes. {: important}
{: #before-subscopes}
Before you get started, be sure that you have the following prerequisites.
- The required level of access to create and manage subscopes. To manage subscopes, you must have the Writer service role or higher.
- An existing scope.
{: #create-subscope} {: ui}
You can create a subscope by using the {{site.data.keyword.compliance_short}} UI.
- In the {{site.data.keyword.cloud_notm}} console, go to the Resource list page and select your instance of {{site.data.keyword.compliance_short}}.
- In your instance of {{site.data.keyword.compliance_short}}, go to the Scopes page and select the scope that you want to segment by clicking its name.
- In the Subscopes section of the Details panel that opens, click Manage
- Click Create.
- Provide a name and description for your subscope.
- Select the resources that you want to include in the subscope.
Next, you can create an attachment to start evaluating your resources. Or, you can provide access to the users in your account that need to work with the subscope that you created.