30. General Settings » User Management

In Configuration » General Settings » User Management, you can add, modify and delete Console user accounts and roles.

USER_MANAGEMENT_OVERVIEW_8.2

To add a Console user account, press [Add User] and then select a proper Role. The Roles defined by default are Administrator and Operator, but you can add new Roles with fine-grained access control over reports and configuration objects by pressing [Manage Roles].

You can modify an account by double-clicking it, or by selecting it and by pressing the [Modify User] button.

USER_MANAGEMENT_GUEST8.01_png

The following parameters are mandatory:

User Name – Enter a unique account name
Role – Select one of the roles already defined in Configuration » General Settings » User Management » Manage Roles. If you want to assign a granular, permission-based access to reports and configuration objects, you may have to define a proper role first, and then to select it here
Authentication – The following authentication options are available:
Local Password – The user will be authenticated with the password entered in the Password field. Only the hash is stored in the database, so it’s not possible to decrypt the password
Remote Authentication – The user will be authenticated by the LDAP or RADIUS servers configured in General Settings » User Authentication
Landing Tab – Shows the tab that opens immediately after logging in. The list is dynamic and expands as you add Sensors, dashboards, IP groups, etc.
Console Notifications – Controls the visual and audio notifications sent via Responses. A page refresh may be needed for this option to take effect immediately
Console Theme – Allows you to change the look of the user interface
Console Icon Set – Allows you to change the look of the icons:
Auto – The icon set is automatically selected depending on the Console Theme (Modern for Modern Console themes, or Classic for the rest)
Modern – Modern icons are monochrome and SVG-based
Classic – Classic icons use colors and are bitmap-based
Reports Region – Lets you switch the position of the Reports Region
Configuration Region – Lets you switch the position of the Configuration Region
REST API Access – Controls whether the user has access to the REST API using his credentials:
Disabled – The user has no access to the REST API
Enabled – The user has access to the REST API
Exclusive – The user can use the REST API but has no access to Console
Minimum Severity – Select the minimum severity level of the events displayed in Console

30.1. Roles

Each Console user must be assigned to one role (access level). There are three role types:

Administrator – Has full privileges and is allowed to manage other user accounts
Operator – Can change any configuration but is not authorized to modify other user accounts, and has no access to General Settings » License Manager
Guest – Can be configured with a granular, permission-based access to specific reports, dashboards, Sensors, IP groups, tools, configuration objects, etc.

ROLE_MANAGEMENT_OVERVIEW_8.2

To add a new Guest role, go to Configuration » General Settings » User Management » Manage Roles and press [Add Role].

USER_ROLE_png

Mandatory parameters:

Role Name – Enter a unique role name
Reports Access
Full – The role has full access to the Reports Region, except for adding Dashboards
Custom – Click on the options button to define the granular permissions described in Custom Reports Access
Configuration Access
Disabled – The role has no access to the Configuration Region
Custom – Click on the options button to define the granular permissions described in Custom Configuration Access
South Region – Toggle to show or hide the South Region
Help Menu – Toggle to show or hide the Help Menu from the Upper Menus

30.1.1. Custom Reports Access

USER_ROLE_REPORTS_png

Allow Device Group(s) – Any object defined in Configuration » Components can be assigned to a Device Group. Here you can select which objects can be accessed by the role in the Reports » Devices panel
Allow IP Group(s) – The IP Zones(s) defined in Configuration » Network & Policy contain subnets and individual hosts. Each subnet and individual host can belong to an IP Group. Here you can select to which IP Groups the Role has access to
Allow Server(s) – Here you can select to which server the Role has access to

30.1.2. Custom Configuration Access

USER_ROLE_CONFIG_png