30. General Settings » User Management

In Configuration » General Settings » User Management, you can add, modify and delete Console user accounts and roles.

USER_MANAGEMENT_OVERVIEW_8.2

To add a Console user account, press [Add User], then select an appropriate Role. By default, the available Roles are Administrator and Operator, but you can add new Roles with fine-grained access control over reports and configuration objects by pressing [Manage Roles].

You can modify an existing account by double-clicking it or by selecting it and pressing [Modify User].

USER_MANAGEMENT_GUEST8.01_png

The following parameters are mandatory:

Username – Enter a unique account name
Role – Select one of the roles already defined in Configuration » General Settings » User Management » Manage Roles. If you want to assign a granular, permission-based access to reports and configuration objects, you may need to create a suitable role first, then to select it here
Authentication – The following authentication options are available:
Local Password – The user will be authenticated with the password entered by clicking the Options button. Only the password hash is stored in the database, making it impossible to decrypt the password
Remote Authentication – The user will be authenticated by the LDAP or RADIUS servers configured in General Settings » User Authentication
REST API Access – Controls whether the user has access to the REST API using their own credentials or an API Key entered by clicking the Options button:
Disabled – The user has no access to the REST API
Enabled – The user has access to the REST API and to the Console
Exclusive – The user can use the REST API but has no access to Console
Two-factor Authentication – When enabled, the user must use a Time-Based One-Time Password (TOTP) mechanism for authentication, using an app such as Google Authenticator. TOTP only works if the clocks on the server and on the mobile device are synchronized
Expiry Date – The user cannot authenticate after the selected date. To disable the expiry date, leave the field blank
Landing Tab – Specifies which tab is displayed immediately after logging in. The list is dynamic and will expand as you add sensors, dashboards, IP groups, and other items
Console Notifications – Controls the visual and audio notifications sent via Responses. A page refresh may be needed for changes to take effect immediately
Console Theme – Allows you to change the overall appearance of the user interface
Console Icon Set – Allows you to change the appearance of icons:
Auto – Automatically selects the icon set based on the chosen Console Theme (Modern for modern themes, or Classic for others)
Modern – Monochrome, SVG-based icons
Classic – Colored, bitmap-based icons
Reports Region – Lets you change the position of the Reports Region in the interface
Configuration Region – Lets you change the position of the Configuration Region in the interface
Minimum Severity – Select the minimum severity level for events displayed in the Console
Default Time Range – Select the default time range to use when opening dashboards

30.1. Roles

Each Console user must be assigned to one role (access level). There are three role types:

Administrator – Has full privileges and is allowed to manage other user accounts
Operator – Can change any configuration but is not authorized to modify other user accounts, and has no access to General Settings » License Manager
Guest – Can be configured with granular, permission-based access to specific reports, dashboards, Sensors, IP groups, tools, configuration objects, and more

ROLE_MANAGEMENT_OVERVIEW_8.2

To add a new Guest role, go to Configuration » General Settings » User Management » Manage Roles and press [Add Role].

USER_ROLE_png

Mandatory parameters:

Role Name – Enter a unique name for the role
Reports Access
Full – The role has full access to the Reports Region but cannot add new Dashboards
Custom – Click the options button to define granular permissions as described in Custom Reports Access
Configuration Access
Disabled – The role has no access to the Configuration Region
Custom – Click the options button to define granular permissions as described in Custom Configuration Access
South Region – Toggle to show or hide the South Region
Help Menu – Toggle to show or hide the Help Menu in the Upper Menus

30.1.1. Custom Reports Access

USER_ROLE_REPORTS_png

Allow Device Group(s) – Any object defined in Configuration » Components can be assigned to a Device Group. Here, you can select which objects the role can access in the Reports » Devices panel
Allow IP Group(s) – The IP Zones(s) defined in Configuration » Network & Policy contain subnets and individual hosts. Each subnet or host can belong to an IP Group. Here, you can select which IP Groups the role can access
Allow Server(s) – Here, you can select which server the role can access

30.1.2. Custom Configuration Access

USER_ROLE_CONFIG_png