Working with roles

When an administrator account is defined on the Global Settings > General > Administrators page, it can either be assigned access to specific Security Manager modules, or be granted Global Security Administrator access to all modules.

In the Data Security module, fine-tune permissions by assigning administrators roles: specific sets of permissions.

For example, one administrator may be responsible for installing and deploying system components. Another may configure and fine-tune security policies. A third may view and respond to incident logs and reports. Each of these administrators may need access to different system functions, with only the Super Administrator requiring access to all.

By default, the following roles are defined:

  • Super Administrator can access all configuration and management screens in the Data Security module with read and write privileges. This is different from Global Security Administrators who have Super Administrator privileges to all Security Manager modules.
  • System Administrator can access the system settings functions, the deployment options, and the Status screens. This role is designed for IT or infrastructure administrators responsible for installing and maintaining the system infrastructure.
  • Policy Manager can configure policies, as well as qualify and assign incidents.
  • Incident Manager can access reports, incident details, and workflow. Manages incident handling.
  • Auditor can review policies, rules, and content classifiers for regulatory compliance.
  • Default can access only reports and the Dashboard. This role is assigned to new administrator accounts when they are granted Data Security module access on the Global Settings > General > Administrators page.
  • Multiple Combined has privileges from several roles. This applies only to network administrators who belong to multiple user directory groups. When such administrators log on to the Security Manager, the system automatically generates a custom role that unifies the roles of all their groups. Because they are system- generated, these combined roles are not listed on the roles screen. Administrators with this role see this role name in the toolbar when they log on.

Optionally edit access privileges for the default roles or add new roles.

Steps

  1. Go to the Settings > > Authorization > Roles page.

    The page lists all the roles that have been defined, along with the permissions set for the roles and descriptions.

  2. Click a name to edit a role, or click New to define a new role.
  3. To delete a role, select it, then click Delete.
    Changes to roles are recorded in the audit log.