Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing User Accounts
Along with assigning an event analyst role to a user, you can restrict that user’s deletion rights to only
allow deletion of report profiles, searches, bookmarks, custom tables, and custom workflows created by
that user. For more information, see
.
Table 48-5 Predefined User Roles
User Role
Privileges
Access Admin
Provides access to access control and file policy features. Note, however, that Access Admins
cannot apply access control policies. Access Admins have access to access control and
file-related options in the Policies menu.
Administrator
Provides access to analysis and reporting features, rule and policy configuration, system
management, and all maintenance features. Administrators have access to all menu options;
their sessions present a higher security risk if compromised, so you cannot make them exempt
from login session timeouts.
Note that you should limit use of the Administrator role for security reasons.
This role is also available on managed devices.
Discovery Admin
Provides access to network discovery, correlation, and user activity features. Discovery Admins
have access to relevant options in the Policies menu.
External Database User
Provides read-only access to the FireSIGHT System database using an application that supports
JDBC SSL connections. Note that for the third-party application to authenticate to the
FireSIGHT System appliance, you must enable database access in the system settings as
described in . On the web interface, External Database Users have access only to
online help-related options in the Help menu. Because this role’s function does not
involve the web interface, access is provided only for ease of support and password
changes.
Intrusion Admin
Provides access to all intrusion policy and intrusion rule features. Intrusion Admins have access
to intrusion-related options in the Policies menu. Note that Intrusion Admins cannot
apply intrusion policies as part of access control policies.
Maintenance User
Provides access to monitoring and maintenance features. Maintenance Users have access to
maintenance-related options in the Health and System menus.
This role is also available on managed devices.
Network Admin
Provides access to access control and device configuration features. Network Admins have
access to access control and device-related options in the Policies and Devices menus.
Security Analyst
Provides access to security event analysis features, including event views, reports, hosts, host
attributes, services, vulnerabilities, client applications, and read-only access to health events.
Security Analysts have access to analysis-related options in the Overview, Analysis,
Health, and System menus.
This role is also available on managed devices.
Security Analyst (Read Only)
Provides read-only access to security event analysis features, including event views, reports,
hosts, host attributes, services, vulnerabilities, client applications, and health events. Security
Analysts have access to analysis-related options in the Overview, Analysis, Health,
and System menus.
Security Approver
Provides limited access to access control, intrusion, file, and network discovery policies.
Security Approvers can view these policies and apply network discovery, intrusion, and access
control policies, but cannot make policy changes. They have access to applicable policy-related
options in the Policies menu.