IAM Management

Manage Vision One identity and access management including API keys, user accounts, and access controls. This skill includes sensitive write operations for identity management.

Instructions

  1. When the user asks about API keys, user accounts, or access management in Vision One, use this skill.

  2. List API keys: Use list_api_keys to review existing API key inventory and status.

  3. Audit user accounts: Use list_accounts to review user access and permissions.

  4. Check account details: Use get_account for detailed user account information.

  5. CRITICAL - Write operations: All write operations in this skill are sensitive and require explicit user confirmation:

    • Deleting API keys removes programmatic access
    • Inviting users grants access to the platform
    • Updating accounts changes permissions
    • Deleting accounts removes user access entirely

  6. Document changes: All IAM changes should be documented for audit and compliance purposes.

  7. Principle of least privilege: When helping with access decisions, recommend minimal necessary permissions.

Tools

This skill uses the following Vision One MCP tools:

Read Operations

| Tool | Purpose |
|------|---------|
| list_api_keys | List all API keys with status and permissions |
| list_accounts | List all user accounts |

Write Operations (Sensitive - Require User Confirmation)

| Tool | Purpose | Risk Level |
|------|---------|------------|
| delete_api_key | Delete an API key | High - Removes programmatic access |
| invite_account | Invite a new user to Vision One | Medium - Grants platform access |
| update_account | Modify user account settings/permissions | Medium - Changes access rights |
| delete_account | Remove a user account | High - Removes all user access |

Common Workflows

API Key Audit

  1. List all API keys
  2. Identify keys by purpose/owner
  3. Check key permissions and scope
  4. Identify unused or excessive permissions
  5. Recommend keys for rotation or deletion

API Key Cleanup

  1. List API keys
  2. Identify keys for deletion (unused, compromised, etc.)
  3. Confirm with user which keys to delete
  4. Get explicit approval before deletion
  5. Delete specified keys
  6. Document deleted keys for audit

User Access Review

  1. List all accounts
  2. Review permissions by role
  3. Identify excessive permissions
  4. Check for inactive accounts
  5. Recommend access adjustments

User Onboarding

  1. Discuss required access level with user
  2. Determine appropriate role and permissions
  3. Confirm account details with user
  4. Send account invitation
  5. Document new account for audit

User Offboarding

  1. Get account details for departing user
  2. Review account permissions
  3. Confirm deletion with user
  4. Delete the account
  5. Document removal for audit

Permission Update

  1. Get current account details
  2. Discuss required changes with user
  3. Confirm new permissions are appropriate
  4. Update account settings
  5. Verify changes applied correctly

Output Format

API Key Inventory

```markdown
## API Key Summary

**Total Keys**: [count]
- Active: [count]
- Inactive: [count]

### API Keys
| Key Name | Status | Created | Last Used | Permissions |
|----------|--------|---------|-----------|-------------|
| [Name] | [Active/Inactive] | [Date] | [Date] | [Scope] |

### Recommendations
- [count] keys have not been used in 90+ days
- [count] keys have excessive permissions
```
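
The stale-key check behind the "90+ days" recommendation, as an added example (not code from the skill or from Vision One). The record fields `name`, `status`, `created`, `last_used` and `role` and the sample inventory are constructed assumptions; the real `list_api_keys` output may be shaped differently.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # the "90+ days" threshold from the template

# Constructed inventory; field names are assumptions, not the tool's schema.
SAMPLE_KEYS = [
    {"name": "siem-export", "status": "Active", "created": "2024-01-10", "last_used": "2025-05-28", "role": "Analyst"},
    {"name": "old-ci-job", "status": "Active", "created": "2023-03-02", "last_used": "2024-11-15", "role": "Administrator"},
    {"name": "poc-script", "status": "Active", "created": "2024-09-01", "last_used": None, "role": "Viewer"},
    {"name": "retired-soar", "status": "Inactive", "created": "2022-06-20", "last_used": "2023-01-05", "role": "Analyst"},
]

def _day(s):
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def audit_keys(keys, now):
    """Split keys by status and flag active keys idle for 90+ days."""
    active = [k for k in keys if k["status"] == "Active"]
    stale = []
    for k in active:
        # A key that was never used ages from its creation date.
        last = _day(k["last_used"] or k["created"])
        if now - last >= STALE_AFTER:
            stale.append(k["name"])
    return {"total": len(keys), "active": len(active),
            "inactive": len(keys) - len(active), "stale": stale}

def render_summary(keys, now):
    """Fill the API Key Summary template from the audit result."""
    r = audit_keys(keys, now)
    lines = ["## API Key Summary", "",
             f"**Total Keys**: {r['total']}",
             f"- Active: {r['active']}", f"- Inactive: {r['inactive']}", "",
             "### API Keys",
             "| Key Name | Status | Created | Last Used | Permissions |",
             "|----------|--------|---------|-----------|-------------|"]
    for k in keys:
        lines.append(f"| {k['name']} | {k['status']} | {k['created']} | "
                     f"{k['last_used'] or 'never'} | {k['role']} |")
    lines += ["", "### Recommendations",
              f"- {len(r['stale'])} keys have not been used in 90+ days"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_summary(SAMPLE_KEYS, datetime(2025, 6, 1, tzinfo=timezone.utc)))
```

Keys that are already inactive are left out of the stale list so the recommendation only names keys that still grant access.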

User Account Summary

```markdown
## User Account Summary

**Total Accounts**: [count]
- Active: [count]
- Inactive: [count]

### Accounts by Role
| Role | Count |
|------|-------|
| Administrator | [count] |
| Analyst | [count] |
| Viewer | [count] |

### Accounts
| User | Email | Role | Status | Last Login |
|------|-------|------|--------|------------|
| [Name] | [Email] | [Role] | [Active/Inactive] | [Date] |
```

Write Operation Confirmation (Critical)

```markdown
## CONFIRMATION REQUIRED: [Operation Type]

**Operation**: [Specific action]
**Target**: [API key name / User account]

### Impact
[Description of what will happen]

### This action:
- [ ] Is irreversible (deletion)
- [ ] Affects user access
- [ ] Requires documentation

**Type 'CONFIRM' to proceed or 'CANCEL' to abort:**
```

Audit Log Entry

```markdown
## IAM Change Record

**Date**: [Timestamp]
**Operation**: [Action performed]
**Target**: [Key/Account affected]
**Performed By**: [User who requested]

### Details
[Specifics of the change]

### Justification
[Reason for the change]
```
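
One way to enforce the confirmation prompt and emit the change record for the four write tools, as an added example (not part of the skill itself). `guarded_write`, `NotConfirmed` and the `execute` callback standing in for the MCP tool call are hypothetical names, and the exact-match rule on 'CONFIRM' is an assumption.

```python
from datetime import datetime, timezone

# Risk levels copied from the Write Operations table.
WRITE_TOOLS = {
    "delete_api_key": "High",
    "invite_account": "Medium",
    "update_account": "Medium",
    "delete_account": "High",
}

class NotConfirmed(Exception):
    """Raised when a write is attempted without the literal CONFIRM reply."""

def guarded_write(tool, target, reply, requested_by, justification, execute, now=None):
    """Run execute(tool, target) only after an exact 'CONFIRM'; return the change record."""
    if tool not in WRITE_TOOLS:
        raise ValueError(f"{tool} is not a known write operation")
    if not justification.strip():
        raise ValueError("a justification is required for the audit record")
    # Assumed policy: exact match only, so 'yes' or 'confirm' never authorizes a write.
    if reply != "CONFIRM":
        raise NotConfirmed(f"{tool} on {target} aborted (risk: {WRITE_TOOLS[tool]})")
    details = execute(tool, target)  # hypothetical stand-in for the MCP tool call
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    return "\n".join([
        "## IAM Change Record", "",
        f"**Date**: {stamp}",
        f"**Operation**: {tool}",
        f"**Target**: {target}",
        f"**Performed By**: {requested_by}", "",
        "### Details", str(details), "",
        "### Justification", justification,
    ])

if __name__ == "__main__":
    def fake_execute(tool, target):  # constructed executor for the demo
        return f"{tool} completed for {target}"
    try:
        guarded_write("delete_api_key", "old-ci-job", "yes", "alice",
                      "unused for 90+ days", fake_execute)
    except NotConfirmed as err:
        print(err)
    print(guarded_write("delete_api_key", "old-ci-job", "CONFIRM", "alice",
                        "unused for 90+ days", fake_execute))
```

The record is built only after the executor returns, so a failed or refused write never leaves an audit entry claiming the change happened.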

Security Considerations

  • All write operations are sensitive and require explicit user confirmation
  • API key deletion immediately revokes programmatic access - verify no critical integrations depend on the key
  • Account deletion is permanent and removes all user access
  • Follow your organization's change management process for IAM changes
  • Document all changes for compliance and audit purposes
  • Apply principle of least privilege when granting permissions
  • Regularly audit API keys and accounts for unnecessary access
  • Consider impact on integrations before deleting API keys
  • Coordinate account changes with user's management chain
  • Deletion operations cannot be undone - verify target before confirming