Like employees in a company, users of OTUS, SIEM have roles. This topic explains how to create and manage roles. There are basically three types of roles. 1. Built-in roles, 2. Access Roles and 3. View Roles. The table below summarizes the responsibilities of each of them.
Role - Type |
Function |
Examples |
Built-In Roles |
Define what actions users are permitted to perform in the application. Cannot be created or deleted. They are built-in. |
config - allows simple configuration of servers, groups and distribution. config advanced - permits advanced configuration functions such as configuring distribution, storage, settings user_config - permits administration of users/roles user_config_self - permits changing user info (username, password) but not roles for themselves (i.e for the logged-in user) Everyone by default has this role. superuser - Can perform any or all the functions of the application. report - A special function that permits a read-only view of all data and no configuration capability |
Access Roles |
Define the time periods, a logged-in user can access the application. Users with the user_config role can create Access Roles. |
always - users can access the system anytime working_hours - users can access the application only during working hours of the company |
View Roles |
Define what data a user can view on the application. Users with the user_config role can create View Roles. |
Note: The Roles option in the Configuration menu is displayed only for Superusers or users with the user_config role.
This topic discusses the creation and managing of the various types of roles.
To manage the roles click Roles from the Configuration menu.
The following page is displayed
Click the View roles tab to view the other roles such as built-in roles.
To create an access role
1. Click on the Access roles page. The web page displays additional fields as shown below.
2. Enter a name for the new access role in the Name box.
3. Enter a time period (use the existing time formats as a hint) in the Access box.
4. Click .
To modify an access role
1. Double-click the field that needs to be modified and the field is enabled for editing as shown below. In the example below the Access field of an access role was double-clicked.
2. Modify the field as per your requirement.
Note: A few correct formats are mon-sat 09:00-09:30, 09:00-10:00, mon-fri 09:00-09:30, 10:00-13:30 etc.,
3. Click to save the changes. Click
to quit without saving the changes.
To delete an access role
1. Select an access role from the list. It is highlighted by a blue background as shown below.
2. Click .
.
3. Click Yes to delete or click No to abort the operation.
Caution: Exercise this function with care. The process cannot be undone. All data is deleted.
To create a view role
Ensure you are at the View Roles page as shown below.
1. Click . The following fields and buttons are displayed.
2. Enter the name of a role in the Name box.
3. Click inside the Servers box to choose one or more servers from the drop-down list.
Note: Users assigned this role can view data originating only from these server. You can search for servers by typing the first few characters of the server name. To delete a server from the Servers box, click the "X" symbol of the server.
4. Click inside the Groups box to choose one or more groups from the drop-down list.
Note: Users assigned this role can view data originating only from servers that are assigned to these groups. You can search for groups by typing the first few characters of the group's name. To delete a server from the Groups box, click the "X" symbol of the group.
5. Click inside the From box to invoke the calendar as shown below.
Use the calendar control to select a From date for the role. The role is in effect in the system from the From date onwards.
Note: Users assigned this role can view log data created only during this date/time range.
7. Click . The new role is listed in the table displaying roles in the system. To quit without saving click
.
To modify a view role
1. Double-click the field that needs to be modified and the field is enabled for editing as shown below. In the example below the Name field of a view role was double-clicked.
2. Modify the field and click to save the changes. Click
to quit without saving the changes.
To delete a view role
1. Select the view role to delete. The role is highlighted as shown below.
2. Click . The delete confirmation dialog is displayed.
3. Click Yes to delete. Click No to quit.