How does the ownership of SloudSOC and SpanVA entities work?
What is the best way to treat this when planning to use only a single shared CloudSOC SysAdmin account (i.e. [email protected])?
1) CloudSOC (CASB) doesn't have an access role defined as owner per se. The highest access level a user can have to CloudSOC is System Admin (Sysadmin). From the account management perspective, the individual who ordered the CloudSOC SKU from Symantec/Broadcom account director is defined as the contract owner. This person nominates who should be given Sysadmin rights to the CloudSOC instance at the very beginning. Technically the CloudSOC instance is owned and supervised by Symantec - on request from a contract owner we can add/remove Sysadmins via backend management tool. Users with Sysadmin rights can also assign Sysadmin rights to other CASB users.
2) The SpanVA owner is defined as the user who downloaded its image from the CASB portal.
It can be changed under CASB -> Settings -> CloudSOC SpanVA -> View Details.
Ownership of SpanVA does not bestow any additional rights to SpanVA from the CloudSOC side than Sysadmin.