Working with users and groups

Users and groups must be added to the system so that they have access to the ESM, its devices, its policies, and their associated privileges.

When in FIPS mode, ESM has four possible user roles: User, Power User, Key & Certificate Admin, and Audit Admin. When not in FIPS mode, there are two types of user accounts: System Administrator and General User.

The Users and Groups page has two sections:

  • Users — Names of users, the number of sessions that each user has open currently, and the groups to which they belong.
  • Groups — Names of groups and a description of the privileges assigned to each one.

Note: You can sort the tables by clicking Username, Sessions, or Group Name.

Group privileges

When you set up a group, you set the privileges for the members of the group.

If you select Limit access of this group on the Privileges page of Add Group (System PropertiesAdd Group ), access to these features is limited.

  • Actions toolbar — Users can't access device management, multi-device management, or Event Streaming Viewer.
  • Alarms — The users in the group have no access to alarm management recipients, files, or templates. They can't create, edit, remove, enable, or disable alarms.
  • Asset Manager and Policy Editor — Users can't access these features.
  • Case Management — Users can access all features except Organization.
  • ELM — Users can perform enhanced ELM searches but can't save them or access ELM device properties.
  • Filters — Users can't access String Normalization, Active Directory, Assets, Asset Groups, or Tags filter tabs.
  • Reports — Users can only run a report that emails the output to them.
  • System Properties — Users can access only Reports and Watchlists.
  • Watchlists — Users can't add a dynamic watchlist.
  • Zones — Users can view only zones they have access to in their list of zones.