Sec/User Mgmt: Add a User and Assign a Role

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1
 

This topic explains how to add a new user to each type of user account, local and external. It also explains how to assign a role to a local user.

All Security Analytics users must have a local or external user account. 

The following considerations are important when managing local and external user accounts.

                 
| Local User Account | External User Account |
|---|---|
| Managed within Security Analytics | Managed externally and outside the scope of this document |
| Roles assigned directly | Roles assigned by external group mapping |
| Derives permissions from each role assigned to the user, as explained in this topic | Derives permissions from each role mapped to the account's external user group, as explained in Step 5: (Optional) Map User Roles to External Groups. |
| Security Analytics manages all user information. | Security Analytics manages user identification only. This includes Username, Full Name and Email. |

Each of the following procedures starts on the Users tab. To navigate to the Users tab, in the Security Analytics menu, select Administration > Security. The Security view is displayed with the Users tab open.

Add a User and Assign a Role

To add a local user account and assign a role to the user:

  1. In the Users tab, click the add icon (icon_add.png) in the toolbar.
    The Add User dialog is displayed.
  2. Type the following account information for the new user:
    • Username for logging on to Security Analytics
    • Email address
    • Password for logging on to Security Analytics, in the Password and Confirm Password fields
    • Full Name of the new user
    • (Optional) Description of the user account
  3. To require the user to create a new password when there are changes to the password strength policy, select Force password change on policy change.
  4. To expire the user password the next time the user logs on, select Force password change on next login.
    This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.
  5. To assign a role to the user, click the add icon (icon_add.png) in the Roles tab.
    The Add Role dialog shows the list of available roles.
  6. Select each role to assign and click Add.
    The Add User dialog shows each role to assign to the user.
  7. (Optional) Select a role and click the show-permissions icon (icon_ShowPerms.png) to show all permissions for the role.
  8. (Optional) To specify query handling settings in the Attributes tab, see Verify Query and Session Attributes per User.
  9. Click Save.
    The Users tab shows the new user and each role assigned to the user. The account is active immediately.

Add a User for External Authentication

Prerequisite: External authentication must be configured, as described in Step 4: (Optional) Configure External Authentication.

To add a user that is authenticated externally, outside of Security Analytics:

  1. In the Users tab, click the add icon (icon_add.png) in the toolbar.
    The Add User dialog is displayed.
  2. Select External to show only the fields required for external authentication.
  3. Type the following information:
    • Username for logging on to Security Analytics
    • Email address
    • Full Name of the new user
    • (Optional) Description of the user account
  4. (Optional) To specify query handling settings in the Attributes tab, see Verify Query and Session Attributes per User.
  5. Click Save. The Users tab shows the new user account, which still needs a role and permissions.
  6. To map a role to the new user, see Search for External Groups.

Change User Information or Roles

To change a user's account information or assigned roles:

  1. In the Users tab, select a user and click the edit icon (icon-edit.png) in the toolbar.
    The Edit User dialog is displayed.
  2. To edit user information, change any of the following fields:
    • Password
    • Email
    • Full Name
    • Description
  3. To change the account type, select or deselect External.

Note: If you change the account from local to external or vice versa, you must also change how the user receives permissions. For details, see the introduction to this topic.

  4. To require an internal user to create a new password when there are changes to the password strength policy, select Force password change on policy change.
  5. To expire the internal user password the next time the user logs on, select Force password change on next login.
    This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.
  6. In the Roles section:
    • To assign another role, click the add icon (icon_add.png), select a role and click Add.
    • To remove an assigned role, select the role and click the delete icon (icon_delete.png).
  7. Click Save.

Delete a User

  1. In the Users tab, select a user.
  2. In the toolbar, click the delete icon (Icon_Delete_sm.png).
  3. Click Save.

Note: To fully delete a user that is externally authenticated by Active Directory, you must also delete the user from the AD Group.
