# Create a space

A space allows your organization to segment the global account into independently governed environments. Each space defines a set of resources and managing users.

***

### Prerequisites

<table><thead><tr><th width="202.34375">Item</th><th>Description</th></tr></thead><tbody><tr><td><strong>Admin role</strong></td><td>Only Apono users with an Admin role can create a new space.</td></tr><tr><td><strong>Resource inventory</strong></td><td>One or more integrations must be configured in the global account.</td></tr><tr><td><strong>Identity provider</strong></td><td>You must have an <a href="../../additional-integrations/identity-providers">identify provider (IdP)</a> integrated to add space members.</td></tr></tbody></table>

***

### Create a new space

Follow these steps to create a new space:

1. On the [**Spaces Management**](https://app.apono.io/spaces) page, click **Create New Space**. The **Space details** page appears.

{% hint style="success" %}
You can also click **Space Settings** at the top right of the screen to access the **Spaces Management** page.
{% endhint %}

2. Enter a **Space name**. The name should be unique and reflect the environment or group that will own it.
3. Define the space [membership](#define-membership).
4. Define the space [inventory](#define-inventory).
5. Click **Create Space**. The new space appears as a tile with summary details on the **Spaces Management** page.

#### Define membership

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-e4608a8769d051e9fafa93cd6893b8b123e252b6%2Fspace-add-members.png?alt=media" alt="" width="563"><figcaption><p>Select Space Member window</p></figcaption></figure>

Follow these steps to add members to manage the space:

1. Click **Invite User**. The **Select Space Members** pop-up window appears.
2. In the **User** field, select one or more users to assign to a role.
3. Select a **Role** option.

<table><thead><tr><th width="236.9609375">Role</th><th>Description</th></tr></thead><tbody><tr><td><strong>Space Owner</strong></td><td><p>Can perform the following tasks:</p><ul><li>Add and remove users from a space</li><li>Manage access objects within a space</li></ul></td></tr><tr><td><strong>Space Manager</strong></td><td><p>Can perform the following task:</p><ul><li>Manage access objects within a space</li></ul></td></tr></tbody></table>

4. Click **Done**. The selected users and roles appear in the summary pane.
5. Click **Save Changes**. The pop-up window closes.
6. Click **Next**.

#### Define inventory

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-4244102d691f44b2815586b1001d13b44702f570%2Fspace-access-scope.png?alt=media" alt="" width="563"><figcaption><p>Space Access scope pane</p></figcaption></figure>

Follow these steps to define the space-managed resources:

1. In the **Space Access scope** pane, filter the resources by one or several of the following filters.

{% hint style="success" %}
To create complex queries, click **AQL** to build a query in the code box.

The[ Apono Query Language](https://docs.apono.io/docs/inventory/apono-query-language) enables you to extend your query capabilities beyond the standard options available with the UI.
{% endhint %}

<details>

<summary>Integration</summary>

Follow these steps to filter by integration:

1. Click the **Integration** dropdown menu.
2. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
3. (Optional) In the **Search** field, enter a value to filter the list of integrations.
4. Select one or several integrations. Only the values meeting the criteria will be shown.
5. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Resource Type</summary>

Follow these steps to filter by resource type:

1. Click the **Resource Type** dropdown menu.
2. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
3. (Optional) In the **Search** field, enter a value to filter the list of resource types.
4. Select one or several resource types. Only the values meeting the criteria will be shown.
5. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Resource Status</summary>

Follow these steps to filter by resource status:

1. Click the **Resource Status** dropdown menu.
2. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
3. (Optional) In the **Search** field, enter a value to filter the list of resource statuses.
4. Select one or several resource statuses. Only the values meeting the criteria will be shown.
5. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Resource Name</summary>

Follow these steps to filter by resource name:

1. Click the **More Filters** dropdown menu.
2. Select **Resource Name**.
3. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
   * **Contains (a\*b)**
   * **Does not contain (!a\*b)**
   * **Starts with (\*b)**
   * **Ends with (a\*)**
4. (Optional) In the **Search** field, enter a value to filter the list of resource names.
5. (**Equals**, **Not Equals** only) Select one or several resource names. Only the values meeting the criteria will be shown.
6. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Resource Path</summary>

Follow these steps to filter by resource path:

1. Click the **More Filters** dropdown menu.
2. Select **Resource Path**.
3. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
   * **Contains (a\*b)**
   * **Does not contain (!a\*b)**
   * **Starts with (\*b)**
   * **Ends with (a\*)**
4. (Optional) In the **Search** field, enter a value to filter the list of resource paths.
5. Select one or several resource paths. Only the values meeting the criteria will be shown.
6. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Resource Tag</summary>

Follow these steps to filter by resource tag:

1. Click the **More Filters** dropdown menu.
2. Select **Resource Tag**.
3. (Optional) In the **Search** field, enter a value to filter the list of resource names.
4. Click the resource name.
5. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
   * **Contains (a\*b)**
   * **Does not contain (!a\*b)**
   * **Starts with (\*b)**
   * **Ends with (a\*)**
6. (Optional) In the **Search** field, enter a value to filter the list of resource tags.
7. (**Equals**, **Not Equals** only) Select one or several resource tags. Only the values meeting the criteria will be shown.
8. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Permission Name</summary>

Follow these steps to filter by permission name:

1. Click the **More Filters** dropdown menu.
2. Select **Permission Name**.
3. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
   * **Contains (a\*b)**
   * **Does not contain (!a\*b)**
   * **Starts with (\*b)**
   * **Ends with (a\*)**
4. (Optional) In the **Search** field, enter a value to filter the list of resource names
5. (**Equals**, **Not Equals** only) Select one or several permission names. Only the values meeting the criteria will be shown.
6. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Resource Risk Level</summary>

Follow these steps to filter by resource risk level:

1. Click the **More Filters** dropdown menu.
2. Select **Resource Risk Level**.
3. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
4. Select one or several resource risk level. Only the values meeting the criteria will be shown.
5. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Permission Risk Level</summary>

Follow these steps to filter by permission risk level:

1. Click the **More Filters** dropdown menu.
2. Select **Permission Risk Level**.
3. From the dropdown menu, select the [comparative logic](#comparative-logic):
   * **Equals (=)**
   * **Not Equals (!=)**
4. Select one or several pemission risk level. Only the values meeting the criteria will be shown.
5. Click the top or outside of the dropdown menu to close it.

</details>

<details>

<summary>Comparative Logic</summary>

<table><thead><tr><th width="180">Logic</th><th>Description</th></tr></thead><tbody><tr><td><strong>Equals (=)</strong></td><td><p>Checks if values are the same</p><p><strong>Examples</strong>:</p><ul><li><strong>Resource Type</strong> equals <strong>DynamoDB Table</strong></li><li><strong>Resource Status</strong> equals <strong>ACTIVE</strong></li></ul><p>After filtering by this value, you can select the exact resources to include in your filtered query.</p></td></tr><tr><td><strong>Not Equals (!=)</strong></td><td><p>Checks if values are different</p><p><strong>Examples</strong>:</p><ul><li><strong>Integration</strong> does not equal <strong>AWS Playground</strong></li><li><strong>Resource Type</strong> does not equal <strong>S3 Bucket</strong></li></ul><p>After filtering by this value, you can select the exact resources to include in your filtered query.</p></td></tr><tr><td><strong>Contains (a*b)</strong></td><td><p>Checks if a value contains another value as a substring or pattern</p><p><strong>Examples</strong>:</p><ul><li><strong>Resource Name</strong> contains <em>playground</em></li><li><strong>Resource Tag</strong> contains <em>true</em></li></ul></td></tr><tr><td><strong>Does not contain (!a*b)</strong></td><td><p>Checks if a value does NOT contain another value as a substring or pattern</p><p><strong>Examples</strong>:</p><ul><li><strong>Resource Name</strong> does not contain <em>production</em></li><li><strong>Permission Name</strong> does not contain <em>admin</em></li></ul></td></tr><tr><td><strong>Starts with (*b)</strong></td><td><p>Checks if a value begins with a specific value or pattern</p><p><strong>Examples</strong>:</p><ul><li><strong>Resource Name</strong> starts with <em>aws</em></li><li><strong>Resource Tag</strong> for a <strong>region</strong> starts with <em>eu</em></li></ul></td></tr><tr><td><strong>Ends with (a*)</strong></td><td><p>Checks if a value ends with a specific value or pattern</p><p><strong>Examples</strong>:</p><ul><li><strong>Resource Name</strong> ends with <em>terraform-state</em></li><li><strong>Resource Tag</strong> for an <strong>env</strong> ends with <em>dev</em></li></ul></td></tr></tbody></table>

</details>

2. Click **+**. The **Create Space Access Scope** pop-up window appears.
3. Enter a **Space Access Scope Name**.
4. Click **Create Space Access Scope**.
5. (Optional) Repeat steps **1-4** to create an additional space access scope.
6. Select one or more space access scopes.

{% hint style="info" %}
When multiple space access scopes are selected, they are combined with `OR` logic. The space will include all resources matching any selected scope.

Global account access scopes cannot be used to define a space’s inventory.
{% endhint %}

7. Click **Create Space with X scopes**.

To view or manage a space, select it from the space selector in the top navigation. Space-scoped pages will update automatically based on your selection.