In SSB, user rights can be assigned to usergroups. SSB has numerous usergroups defined by default, but custom user groups can be defined as well. Every group has a set of privileges: which pages of the SSB web interface it can access, and whether it can only view (read) or also modify (read & write/perform) those pages or perform certain actions.
Figure 50: AAA > Access Control — Managing SSB users
|
NOTE:
Every group has either read or read & write/perform privileges to a set of pages. |
For details on assigning privileges to a usergroup, see Assigning privileges to usergroups for the SSB web interface.
For details on modifying existing groups, see Modifying group privileges.
For details on finding usergroups that have a specific privilege, see Finding specific usergroups.
For tips on using usergroups, see How to use usergroups.
For a detailed description about the privileges of the built-in usergroups, see Built-in usergroups of SSB.
The admin user is available by default and has all privileges, except that it cannot remotely access the shared logspaces. It is not possible to delete this user.
The following describes how to assign privileges to a new group.
To assign privileges to a new group
Navigate to AAA > Access Control and click .
Find your usergroup. If you start typing the name of the group you are looking for, the autocomplete function will make finding your group easier for you.
Click located next to the name of the group. The list of available privileges is displayed.
Select the privileges (pages of the SSB interface) to which the group will have access and click Save.
|
NOTE:
To export the configuration of SSB, the Export configuration privilege is required. To import a configuration to SSB, the Import configuration privilege is required. To update the firmware and set the active firmware, the Basic settings > System privilege is required. |
Select the type of access (read or read & write) from the Type field.
Click .
The following describes how to modify the privileges of an existing group.
To modify the privileges of an existing group
Navigate to AAA > Access Control.
Find the group you want to modify and click . The list of available privileges is displayed.
Select the privileges (pages of the SSB interface) to which the group will have access and click Save.
Figure 51: AAA > Access Control — Modifying group privileges
|
Caution:
Assigning the Search privilege to a user on the AAA page grants the user search access to every logspace, even if the user is not a member of the groups listed in the Access Control option of the particular logspace. |
Select the type of access (read or read & write) from the Type field.
Click .
The Filter ACLs section of the AAA > Access Control page provides you with a simple searching and filtering interface to search the names and privileges of usergroups.
Figure 52: AAA > Access Control — Finding specific usergroups
To select usergroups starting with a specific string, enter the beginning of the name of the group into the Group field and select Search.
To select usergroups who have a specific privilege, click , select the privilege or privileges you are looking for, and click Search.
To filter for read or write access, use the Type option.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy