Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 48      Managing Users 
  Managing User Accounts
  
Along with assigning an event analyst role to a user, you can restrict that user’s deletion rights to only 
allow deletion of report profiles, searches, bookmarks, custom tables, and custom workflows created by 
that user. For more information, see 
.
Table 48-5 Predefined User Roles
User Role
Privileges
Access Admin
Provides access to access control and file policy features. Note, however, that Access Admins 
cannot apply access control policies. Access Admins have access to access control and 
file-related options in the Policies menu.
Administrator
Provides access to analysis and reporting features, rule and policy configuration, system 
management, and all maintenance features. Administrators have access to all menu options; 
their sessions present a higher security risk if compromised, so you cannot make them exempt 
from login session timeouts.
Note that you should limit use of the Administrator role for security reasons.
This role is also available on managed devices.
Discovery Admin
Provides access to network discovery, correlation, and user activity features. Discovery Admins 
have access to relevant options in the Policies menu.
External Database User
Provides read-only access to the FireSIGHT System database using an application that supports 
JDBC SSL connections. Note that for the third-party application to authenticate to the 
FireSIGHT System appliance, you must enable database access in the system settings as 
described in 
. On the web interface, External 
Database Users have access only to online help-related options in the Help menu. Because this
role’s function does not involve the web interface, access is provided only for ease of support 
and password changes.
Intrusion Admin 
Provides access to all intrusion policy and intrusion rule features. Intrusion Admins have access 
to intrusion-related options in the Policies menu. Note that Intrusion Admins cannot apply
intrusion policies as part of access control policies.
Maintenance User
Provides access to monitoring and maintenance features. Maintenance Users have access to 
maintenance-related options in the Health and System menus.
This role is also available on managed devices.
Network Admin
Provides access to access control and device configuration features. Network Admins have 
access to access control and device-related options in the Policies and Devices menus.
Security Analyst
Provides access to security event analysis features, including event views, reports, hosts, host 
attributes, services, vulnerabilities, client applications, and read-only access to health events. 
Security Analysts have access to analysis-related options in the Overview, Analysis, Health, and System menus.
This role is also available on managed devices.
Security Analyst (Read Only)
Provides read-only access to security event analysis features, including event views, reports, 
hosts, host attributes, services, vulnerabilities, client applications, and health events. Security 
Analysts have access to analysis-related options in the Overview, Analysis, Health, and System menus.
Security Approver
Provides limited access to access control, intrusion, file, and network discovery policies. 
Security Approvers can view these policies and apply network discovery, intrusion, and access 
control policies, but cannot make policy changes. They have access to applicable policy-related 
options in the Policies menu.