Cisco Cisco Firepower Management Center 4000
48-47
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing User Accounts
Configuring User Roles
License:
Any
Each FireSIGHT System user has an associated user access role or roles. For example, an analyst needs
access to event data to analyze the security of your network, but might not require access to
administrative functions for the FireSIGHT System itself. Using user roles, you can, for example, grant
Security Analyst access to analysts while reserving the Administrator role for the user or users managing
the FireSIGHT System. The FireSIGHT System includes ten predefined user roles designed for a variety
of administrators and analysts. You can also create custom user roles with specialized access privileges.
access to event data to analyze the security of your network, but might not require access to
administrative functions for the FireSIGHT System itself. Using user roles, you can, for example, grant
Security Analyst access to analysts while reserving the Administrator role for the user or users managing
the FireSIGHT System. The FireSIGHT System includes ten predefined user roles designed for a variety
of administrators and analysts. You can also create custom user roles with specialized access privileges.
The menus and other options in the web interface that users can access depend on their roles. Predefined
user roles have a set of predetermined access privileges, while custom user roles have granular access
privileges that their creator determines.
user roles have a set of predetermined access privileges, while custom user roles have granular access
privileges that their creator determines.
You configure user roles on the User Roles page.
To access the User Roles page:
Access:
Admin
Step 1
Select
System > Local > User Management
.
The User Management page appears.
Step 2
Click the
User Roles
tab.
The User Roles page appears, showing all predefined and custom user roles, with options to activate,
deactivate, edit, copy, delete, and export roles.
deactivate, edit, copy, delete, and export roles.
For more information on configuring the two types of user roles, see the following sections:
•
•
•
•
Managing Predefined User Roles
License:
Any
The FireSIGHT System includes ten predefined user roles that provide a range of access privilege sets
to meet the needs of your organization. On the User Roles page, predefined user roles are labeled “Cisco
Provided”. Note that managed devices have access to only three of the ten predefined user roles:
Administrator, Maintenance User, and Security Analyst.
to meet the needs of your organization. On the User Roles page, predefined user roles are labeled “Cisco
Provided”. Note that managed devices have access to only three of the ten predefined user roles:
Administrator, Maintenance User, and Security Analyst.
Although you cannot edit predefined user roles, you can use their access privilege sets as the basis for
custom user roles. For information on creating and editing custom user roles, see
custom user roles. For information on creating and editing custom user roles, see
. In addition, because you cannot edit predefined user roles, you cannot configure them
to escalate to another user role. For more information, see
.
The following table briefly describes the predefined roles available to you. For a list of the menus and
options available to each role, see
options available to each role, see