Sec/User Mgmt: Add or Edit User Dialog

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1Show Document
  • View in full screen mode

All users must either have a local user account with username and password or an external user account that is mapped to Security Analytics.

To display the Add User or Edit User dialog:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Do one of the following:
    • In the action bar, click icon_add.png.
      The Add User dialog is displayed.
    • Select a user and in the action bar, click icon_edit.png.
      The Edit User dialog is displayed.

The Add User dialog is identical to the Edit User dialog shown here.


The Add User and Edit User dialogs show:

  • User information
  • Roles to which the user belongs
  • Security settings for queries

User Information

The following table provides descriptions of the user information.

UsernameUsername for the Security Analytics user account.
Full NameName of the user.
Password and
Confirm Password
Password to log on to Security Analytics.
EmailAddress of the user.
Description(Optional) Description of the user.
ExternalIndicates the user is authenticated externally by Active Directory or PAM, rather than internally by Security Analytics
Force password change on policy changeRequires the user to change their password (at the next log on) when there are changes to the Security Analytics password strength policy. This field applies only to internal users.
Force password change on next loginExpires the user password the next time the user logs on to Security Analytics. This field applies only to internal users. 
This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.
Reset FormRemoves any changes in process.
CancelCloses the dialog.
SaveSaves changes.

Roles Tab

The following table provides descriptions of the Roles tab features.

Icon-Add.pngOpens the Add Role dialog that lists roles you could assign to the user.
del_report.pngRemoves the selected role from being assigned to the user.
icon_ShowPerms.pngShows permissions for the selected role.
NameLists each role assigned to the user.

Attributes Tab

The following table describes fields on the Attributes tab. You should not set these query-handling attributes at the user level unless you want to override assigned role settings. If you do not specify these settings for individual users, the settings are applied to users based on their role memberships. Step 3: Verify Query and Session Attributes per Role provide additional information.

A value shown in italics indicates a default value, for example, 1000. A value shown without italics indicates a change from the default value, for example, 40.

SA Core Query Timeout(Optional) Specifies the maximum number of minutes that a user can run a query. This timeout only applies to queries performed from Investigation. By default, this is blank. If you specify a value, it overrides the assigned role settings. If this value is set, it must be zero (0) or greater. A value of zero represents no timeout.

Note: Security Analytics 10.5 and later Core services use this field.  

SA Core Query Level(Optional) Specifies the maximum number of minutes that a user can run a query. There are three query levels: 1, 2, and 3. The default query levels are Query Level 1 = 60 minutes, Query Level 2 = 40 minutes, and Query Level 3 = 20 minutes.

Note: Security Analytics 10.4 and earlier Core services use this field. Query Level is deprecated for Core services starting with Security Analytics 10.5. 

SA Core Query Prefix(Optional) Filters query results to restrict what the user sees. By default, this is blank. For example, the 'service' = 80 query prefix prepends to any queries run by the user and the user can only access meta of HTTP sessions. 
SA Core Session ThresholdControls how the service scans meta values to determine session counts. This value must be zero (0) or greater. If this value is greater than zero, a query optimization will extrapolate the total session counts that exceed the threshold. When the meta value returned by the query reaches the threshold, the system will:
  • Stop its determination of the session count
  • Show the threshold and percentage of query time used to reach the threshold
The default value is 100000. The limit you specify here overrides the Max Session Export value defined in the Profile > Preferences > Investigation.
You are here: References > Administration Security View > Add or Edit User Dialog