Sec/User Mgmt: Add a User and Assign a Role

Document created by RSA Information Design and Development on Jul 28, 2016Last modified by RSA Information Design and Development on Apr 26, 2017
Version 2Show Document
  • View in full screen mode
  

This topic explains how to add a new user to each type of user account, local and external. It also explains how to assign a role to a local user.

All Security Analytics users must have a local or external user account. 

The following considerations are important when managing local and external user accounts.

                         
Local User AccountExternal User Account
Managed within Security AnalyticsManaged externally and outside the scope of this document
Roles assigned directlyRoles assigned by external group mapping
Derives permissions from each role assigned to the user, as explained in this topicDerives permissions from each role mapped to the account's external user group, as explained in Step 5. (Optional) Map User Roles to External Groups.
Security Analytics manages all user information.Security Analytics manages user identification only. This includes Username, Full Name and Email.

Procedures

Each of the following procedures starts on the Users tab. To navigate to the Users tab, in the Security Analytics menu, select Administration > Security. The Security view is displayed with the Users tab open.

Add a User and Assign a Role

To add a local user account and assign a role to the user:

  1. In the Users tab, click  in the toolbar.
    The Add User dialog is displayed.
  2. Type the following account information for the new user:
  • Username for logging on to Security Analytics
  • Email address
  • Password for logging on to Security Analytics, in the Password and Confirm Password fields
  • Full Name of the new user
  • (Optional) Description of the user account
  1. To require the user to create a new password when there are changes to the password strength policy, select Force password change on Password Policy change
  2. To expire the user password the next time the user logs on, select Force password change on next login.
    This does not affect any active user sessions. The  appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.
  3. To assign a role to the user, click  in the Roles tab.
    The Add Role dialog shows the list of available roles.
  4. Select each role to assign and click Add.
    The Add User dialog shows each role to assign to the user.
  5. (Optional) Select a role and click  to Show all permissions for the role.
  6. (Optional) To specify query handling settings in the Attributes tab, see Verify Query and Session Attributes per User
  7. Click Save.
    The Users tab shows the new user and each role assigned to the user. The account is active immediately.

Add a User for External Authentication

Prerequisite: External authentication must be configured. Refer to Step 4. (Optional) Configure External Authentication.

To add a user that is authenticated externally, outside of Security Analytics:

  1. In the Users tab, click  in the toolbar.
    The Add User dialog is displayed.
  2. Select External to show only the fields required for external authentication.
  3. Type the following information:
  • Username for logging on to Security Analytics
  • Email address
  • Full Name of the new user
  • (Optional) Description of the user account
  1. (Optional) To specify query handling settings in the Attributes tab, see Verify Query and Session Attributes per User
  2. Click Save. The Users tab shows the new user account, which still needs a role and permissions.
  3. To map a role to the new user, see Step 5. (Optional) Map User Roles to External Groups.

Change User Information or Roles

To change a user's account information or assigned roles:

  1. In the Users tab, select a user and click  in the toolbar.
    The Edit User dialog is displayed.
  2. To edit user information, change any of the following fields:
  • Password
  • Email
  • Full Name
  • Description
  1. To change the account type, select or deselect External.

Note: If you change the account from local to external or vice versa, you must also change how the user receives permissions. For details, see the introduction to this topic.

  1. To require an internal user to create a new password when there are changes to the password strength policy, select Force password change on Password Policy change
  2. To expire the internal user password the next time the user logs on, select Force password change on next login.
    This does not affect any active user sessions. The  appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.
  3. In the Roles section:
  • To assign another role, click , select a role and click Add.
  • To remove an assigned role, select the role and click .
  1. Click Save.

Delete a User

  1. In the Users tab, select a user.
  2. In the toolbar, click .
  3. Click Save.

Note: To fully delete a user that is externally authenticated by Active Directory, you must also delete the user from the AD Group.

Previous Topic:Step 4. Set Up a User
You are here
Table of Contents > Manage Users with Roles and Permissions > Step 4. Set Up a User > Add a User and Assign a Role

Attachments

    Outcomes