Cisco Cisco FirePOWER Appliance 7010
48-43
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing User Accounts
If you enable password strength checking, the password must be at least eight alphanumeric characters
of mixed case and must include at least one numeric character and one special character. It cannot be a
word that appears in a dictionary or include consecutive repeating characters.
of mixed case and must include at least one numeric character and one special character. It cannot be a
word that appears in a dictionary or include consecutive repeating characters.
Note
If you enable STIG compliance on an appliance, see the FireSIGHT System STIG Release Notes
for Version 5.3 for more information on password settings for shell access users.
for Version 5.3 for more information on password settings for shell access users.
Step 6
Configure the remaining user account login options.
For more information, see the
table.
Step 7
If you are creating a local user through the web interface of a Series 3 device, you can assign the level
of
of
Command-Line Interface Access
for the user:
•
Select
None
to disable access to the command line for the user.
•
Select
Basic
to allow the user to log into the shell and to access a specific subset of commands.
•
Select
Configuration
to allow the user to log into the shell and use any command line option, including
expert mode if that is allowed on the appliance.
For more information on command line access, see
.
Step 8
Select access roles to grant to the user.
Note
For all physical managed devices, the Cisco-provided predefined user roles are limited to
Administrator, Maintenance User, and Security Analyst.
Administrator, Maintenance User, and Security Analyst.
For more information, see
.
Step 9
Click
Save
.
The user is created and the User Management page appears again.
Tip
Click the slider next to the name of an internally authenticated user on the User Management page to
reactivate a deactivated user, or to disable an active user account without deleting it.
reactivate a deactivated user, or to disable an active user account without deleting it.
Managing Command Line Access
License:
Any
Supported Devices:
Series 3, virtual
On a Series 3 or virtual device, you can assign command line interface access to local device users.
Note that you can also assign command line access for users on a virtual device, but you use commands
from the command line interface. For more information, see
from the command line interface. For more information, see
The commands a user can run depend on the level of access you assign to the user. When you set
Command-Line Interface Access
to
None
, the user cannot log into the appliance on the command line. Any
session the user starts will close when the user provides credentials. The access level defaults to
None
on
user creation. When you set
Command-Line Interface Access
to
Basic
, a specific set of commands can be run
by the user