Sec/User Mgmt: Add or Edit User Dialog

Document created by RSA Information Design and Development Employee on Mar 23, 2017. Last modified by RSA Information Design and Development Employee on Apr 4, 2018.
Version 3

This topic introduces the Add User and Edit User dialogs accessible from the Administration > Security > Users tab.

All users must either have a local user account with username and password or an external user account that is mapped to Security Analytics.

To display the Add User or Edit User dialog:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Do one of the following:
    • In the action bar, click .
      The Add User dialog is displayed.
    • Select a user and in the action bar, click .
      The Edit User dialog is displayed.

The Add User dialog is identical to the Edit User dialog shown here.

The Add User and Edit User dialogs show:

  • User information
  • Roles to which the user belongs
  • Security settings for queries

User Information

The following table provides descriptions of the user information.

| Field | Description |
|---|---|
| Username | Username for the Security Analytics user account. |
| Full Name | Name of the user. |
| Password and Confirm Password | Password to log on to Security Analytics. |
| Email | Address of the user. |
| Description | (Optional) Description of the user. |
| External | Indicates the user is authenticated externally by Active Directory or PAM, rather than internally by Security Analytics. |
| Force password change on Password Policy change | Requires the user to change their password (at the next log on) when there are changes to the Security Analytics password strength policy. This field applies only to internal users. |
| Force password change on next login | Expires the user password the next time the user logs on to Security Analytics. This field applies only to internal users. This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account. |
| Reset Form | Removes any changes in process. |
| Cancel | Closes the dialog. |
| Save | Saves changes. |

Roles Tab

The following table provides descriptions of the Roles tab features.

| Feature | Description |
|---|---|
| Icon-Add.png | Opens the Add Role dialog that lists roles you could assign to the user. |
| Icon-Add.png | Removes the selected role from being assigned to the user. |
| icon_ShowPerms.png | Shows permissions for the selected role. |
| Name | Lists each role assigned to the user. |

Attributes Tab

The following table describes fields on the Attributes tab. You should not set these query-handling attributes at the user level unless you want to override assigned role settings. If you do not specify these settings for individual users, the settings are applied to users based on their role memberships. The topics "Step 3. Verify Query and Session Attributes per Role" and "Verify Query and Session Attributes per User" provide additional information.

A value shown in italics indicates a default value, for example, 100000. A value shown without italics indicates a change from the default value, for example, 40.

| Field | Description |
|---|---|
| SA Core Query Timeout | (Optional) Specifies the maximum number of minutes that a user can run a query. This timeout only applies to queries performed from Investigation. By default, this is blank. If you specify a value, it overrides the assigned role settings. If this value is set, it must be zero (0) or greater. A value of zero represents no timeout. Note: Security Analytics 10.5 and later Core services use this field. |
| SA Core Query Level | (Optional) Specifies the maximum number of minutes that a user can run a query. There are three query levels: 1, 2, and 3. The default query levels are Query Level 1 = 60 minutes, Query Level 2 = 40 minutes, and Query Level 3 = 20 minutes. Note: Security Analytics 10.4 and earlier Core services use this field. Query Level is deprecated for Core services starting with Security Analytics 10.5. |
| Concurrent Sessions Allowed | Specifies the maximum number of concurrent sessions allowed for a user. The default value is 100. If this value is set, it must be 1 or greater. |
| SA Core Query Prefix | (Optional) Filters query results to restrict what the user sees. By default, this is blank. For example, the 'service' = 80 query prefix is prepended to any queries run by the user, and the user can only access meta of HTTP sessions. |
| SA Core Session Threshold | Controls how the service scans meta values to determine session counts. This value must be zero (0) or greater. If this value is greater than zero, a query optimization will extrapolate the total session counts that exceed the threshold. When the meta value returned by the query reaches the threshold, the system will stop its determination of the session count and show the threshold and the percentage of query time used to reach the threshold. The limit you specify here overrides the Max Session Export value defined in Profile > Preferences > Investigation. The default value is 100000. |
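
The override rules described for the Attributes tab can be checked offline during an account review. The following is an added example, not RSA code or a Security Analytics API: it resolves a user's effective query settings against one role and lists user-level overrides worth a second look. The record layout, field names, sample role and sample users are constructed for illustration, and falling back to the role value on an invalid entry is this example's choice.

```python
# Added example, not product code. Field names and records are hypothetical;
# the limits and defaults come from the Attributes tab description.
ATTRS = {  # name: (minimum allowed value, default stated on the page)
    "query_timeout": (0, None),        # minutes; blank by default, 0 = no timeout
    "concurrent_sessions": (1, 100),
    "session_threshold": (0, 100000),
}

def effective_settings(role, user):
    """Return (effective settings, findings) for one user against one role.

    A missing or None user value means "not set at the user level",
    so the role value applies.
    """
    effective, findings = {}, []
    for name, (minimum, default) in ATTRS.items():
        role_val, user_val = role.get(name, default), user.get(name)
        if user_val is None:
            effective[name] = role_val
            continue
        if user_val < minimum:
            findings.append(f"{name}: invalid value {user_val} (must be >= {minimum})")
            effective[name] = role_val  # example's choice: ignore the bad value
            continue
        effective[name] = user_val
        if user_val != role_val:
            findings.append(f"{name}: user value {user_val} overrides role value {role_val}")
        if name == "query_timeout" and user_val == 0:
            findings.append("query_timeout: 0 means no timeout for this user")
    # A blank prefix at the user level leaves the role's filter in place.
    role_prefix = role.get("query_prefix") or ""
    user_prefix = user.get("query_prefix") or ""
    effective["query_prefix"] = user_prefix or role_prefix
    if user_prefix and user_prefix != role_prefix:
        findings.append(f"query_prefix: {user_prefix!r} overrides role prefix {role_prefix!r}")
    return effective, findings

# Constructed sample data (not exported from any real deployment).
ROLE_ANALYST = {"query_timeout": 40, "concurrent_sessions": 100,
                "session_threshold": 100000, "query_prefix": "'service' = 80"}
USERS = {
    "alice": {},                                              # inherits everything
    "bob": {"query_timeout": 0, "query_prefix": ""},          # unlimited queries
    "carol": {"concurrent_sessions": 0, "query_prefix": "'service' = 443"},
}

if __name__ == "__main__":
    for name, attrs in USERS.items():
        print(name, *effective_settings(ROLE_ANALYST, attrs), sep="\n  ")
```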