Cisco Cisco Firepower Management Center 2000
48-49
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing User Accounts
Note that externally authenticated users, if assigned no other roles, have minimum access rights based
on the settings in LDAP or RADIUS authentication objects and in the system policy. You can assign
additional rights to these users, but to remove or change minimum access rights, you must perform the
following tasks:
on the settings in LDAP or RADIUS authentication objects and in the system policy. You can assign
additional rights to these users, but to remove or change minimum access rights, you must perform the
following tasks:
•
Move the user from one list to another in the authentication object or change the user's attribute
value or group membership on the external authentication server.
value or group membership on the external authentication server.
•
Reapply the system policy.
•
Use the User Management page to remove the access from that user account.
You cannot delete predefined user roles, but you can deactivate them. Deactivating a role removes that
role and all associated permissions from any user who is assigned that role.
role and all associated permissions from any user who is assigned that role.
Caution
If a deactivated role is the only role assigned to a given user, that user can log in and access the User
Preferences menu, but is otherwise unable to access the FireSIGHT System.
Preferences menu, but is otherwise unable to access the FireSIGHT System.
To activate or deactivate a user role:
Access:
Admin
Step 1
Select
System > Local > User Management
.
The User Management page appears.
Step 2
Click the
User Roles
tab.
The User Roles page appears.
Step 3
Click the slider next to the user role you want to activate or deactivate.
Note
If you deactivate, then reactivate, a role with Lights-Out Management while a user with that role
is logged in, or restore a user or user role from a backup during that user’s login session, that
user must log back into the web interface to regain access to IPMItool commands. For more
information, see
is logged in, or restore a user or user role from a backup during that user’s login session, that
user must log back into the web interface to regain access to IPMItool commands. For more
information, see
.
Managing Custom User Roles
License:
Any
In addition to the predefined user roles, you can also create custom user roles with specialized access
privileges. Custom user roles can have any set of menu-based and system permissions, and may be
completely original or based on a predefined user role. Like predefined user roles, custom roles can serve
as the default role for externally authenticated users. Unlike predefined roles, you can modify and delete
custom roles.
privileges. Custom user roles can have any set of menu-based and system permissions, and may be
completely original or based on a predefined user role. Like predefined user roles, custom roles can serve
as the default role for externally authenticated users. Unlike predefined roles, you can modify and delete
custom roles.
Selectable permissions are hierarchical, and are based on the FireSIGHT System menu layout.
Permissions are expandable if they have sub-pages or if they have more fine-grained permissions
available beyond simple page access. In that case, the parent permission grants page view access and the
children granular access to related features of that page. For example, the Correlation Events permission
Permissions are expandable if they have sub-pages or if they have more fine-grained permissions
available beyond simple page access. In that case, the parent permission grants page view access and the
children granular access to related features of that page. For example, the Correlation Events permission