30. General Settings » User Management¶
In Configuration » General Settings » User Management, you can add, modify and delete Console user accounts and roles.
To add a Console user account, press [Add User] and then select a proper Role. The Roles defined by default are Administrator and Operator, but you can add new Roles with fine-grained access control over reports and configuration objects by pressing [Manage Roles].
You can modify an account by double-clicking it, or by selecting it and by pressing the [Modify User] button.
The following parameters are mandatory:
● Username – Enter a unique account name● Role – Select one of the roles already defined in Configuration » General Settings » User Management » Manage Roles. If you want to assign a granular, permission-based access to reports and configuration objects, you may have to define a proper role first, and then to select it here● Authentication – The following authentication options are available:▪ Local Password – The user will be authenticated with the password entered in the Password field. Only the hash is stored in the database, so it’s not possible to decrypt the password▪ Remote Authentication – The user will be authenticated by the LDAP or RADIUS servers configured in General Settings » User Authentication● Landing Tab – Shows the tab that opens immediately after logging in. The list is dynamic and expands as you add Sensors, dashboards, IP groups, etc.● Console Notifications – Controls the visual and audio notifications sent via Responses. A page refresh may be needed for this option to take effect immediately● Console Theme – Allows you to change the look of the user interface● Console Icon Set – Allows you to change the look of the icons:▪ Auto – The icon set is automatically selected depending on the Console Theme (Modern for Modern Console themes, or Classic for the rest)▪ Modern – Modern icons are monochrome and SVG-based▪ Classic – Classic icons use colors and are bitmap-based● Reports Region – Lets you switch the position of the Reports Region● Configuration Region – Lets you switch the position of the Configuration Region● REST API Access – Controls whether the user has access to the REST API using his credentials:▪ Disabled – The user has no access to the REST API▪ Enabled – The user has access to the REST API▪ Exclusive – The user can use the REST API but has no access to Console● Minimum Severity – Select the minimum severity level of the events displayed in Console
30.1. Roles¶
Each Console user must be assigned to one role (access level). There are three role types:
● Administrator – Has full privileges and is allowed to manage other user accounts● Operator – Can change any configuration but is not authorized to modify other user accounts, and has no access to General Settings » License Manager● Guest – Can be configured with a granular, permission-based access to specific reports, dashboards, Sensors, IP groups, tools, configuration objects, etc.
To add a new Guest role, go to Configuration » General Settings » User Management » Manage Roles and press [Add Role].
Mandatory parameters:
● Role Name – Enter a unique role name● Reports Access▪ Full – The role has full access to the Reports Region, except for adding Dashboards▪ Custom – Click on the options button to define the granular permissions described in Custom Reports Access● Configuration Access▪ Disabled – The role has no access to the Configuration Region▪ Custom – Click on the options button to define the granular permissions described in Custom Configuration Access● South Region – Toggle to show or hide the South Region● Help Menu – Toggle to show or hide the Help Menu from the Upper Menus