Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
8-13
Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 8 Common Administrative Tasks
Working with User Accounts
connections to external authentication sources on the System Administration > Users page in the GUI
(or by using the
(or by using the
userconfig
command in the CLI). For information about using an external directory to
authenticate users, see
The default user account for the system, admin, has all administrative privileges. The admin user account
cannot be deleted, but you can change the password and lock the account.
cannot be deleted, but you can change the password and lock the account.
When you create a new user account, you assign the user to a predefined or a custom user role. Each role
contains differing levels of permissions within the system.
contains differing levels of permissions within the system.
Although there is no limit to the number of user accounts that you can create on the appliance, you cannot
create user accounts with names that are reserved by the system. For example, you cannot create the user
accounts named “operator” or “root.”
create user accounts with names that are reserved by the system. For example, you cannot create the user
accounts named “operator” or “root.”
Table 8-2
User Roles Listing
User Role
Description
Administrator
User accounts with the Administrator role have full access to all
configuration settings of the system. However, only the admin user has
access to the
configuration settings of the system. However, only the admin user has
access to the
resetconfig
and
revert
commands.
Note
AsyncOS does not support multiple administrators configuring the
Email Security appliance from the GUI simultaneously.
Email Security appliance from the GUI simultaneously.
Technician
User accounts with the Technician role can perform system upgrades, reboot
the appliance, and manage feature keys. Technicians can also perform the
following actions in order to upgrade the appliance:
the appliance, and manage feature keys. Technicians can also perform the
following actions in order to upgrade the appliance:
•
Suspend email delivery and receiving.
•
View status of workqueue and listeners.
•
Save and email configuration files.
•
Back up safelists and blocklists. Technicians cannot restore these lists.
•
Disconnect the appliance from a cluster.
•
Enable or disable remote service access for Cisco IronPort technical
support.
support.
•
Raise a support request.
Operator
User accounts with the Operator role are restricted from:
•
Creating or editing user accounts.
•
Issuing the
resetconfig
command.
•
Issuing the
systemsetup
command or running the System Setup
Wizard.
•
Issuing the
adminaccessconfig
command.
•
Performing some quarantine functions (including creating and deleting
quarantines).
quarantines).
•
Modifying LDAP server profile settings other than username and
password, if LDAP is enabled for external authentication.
password, if LDAP is enabled for external authentication.
Otherwise, they have the same privileges as the Administrator role.