This exercise demonstrates the creation, configuration, and application of User Roles.
The User Role feature enables ZeroLock Management Console (ZMC) administrators to configure a role by granularly setting permissions for three (3) sections of the ZMC.
User Roles may be permitted to Modify or View specific subsections within these three sections.
Modify enables the user to make changes in the assigned section of the ZMC and view the changes. Users with this permission option can duplicate, edit, and delete User Roles.
View alone only permits the user to view the settings for a ZMC section. The options to duplicate, edit, and delete are not available.
However, employing the User Role allows for greater granular control of permissions and provides a more focused approach to allowing specific actions.
Exercise A: The administrator wants to configure a User to view alerts for a single endpoint group.
To accomplish this, the first step is to create a User Role.
- Go to Manage Users | User Roles, then select Add New Role.
- The New User Role screen consists of fields for the name and description, followed by three (3) sections used to configure what someone with that User Role may modify and view. Select CREATE once the name and description have been entered, since no options are being added.
- With the User Role created, the next step is to assign it to an Endpoint Group. From the ACTIONS drop-down menu, select Add to or Remove from Groups.
In the dialog box that appears, select the Demonstration Endpoint Group.
- Select System Configuration | Endpoint Groups, then click the box next to Demonstration Endpoint Group, followed by EDIT.
- Once on the Edit Group >2 screen, enable the new User Role by selecting Allow Access and then clicking the Eye button to open the group property window showing the options that can be allowed.
- In the group property window, in the ALERTS section, click the box for View Alerts. This selection will permit viewing the alert but not its details.
- With the User Role enabled and allowed to view alerts on endpoints, a User needs to be assigned to this role. Go to Manage Users | Users and select the user, then EDIT.
- Select the newly created role in the Edit User dialog, followed by UPDATE.
- When the user, Joe Demo, logs in, his ZMC dashboard will look like the one below. Alerts for the endpoints in his Endpoint Group are visible, but the other ZMC sections are grayed out. Since this group only consists of Endpoint #2, that is the only endpoint listed.
NOTE: Since View Alerts was assigned, not View Alert Details, alerts are visible but provide limited detail.
Exercise B: The administrator wants to configure a user to manage alerts for a single endpoint group.
To accomplish this task, follow the instructions above until Step 6. At Step 6, select all 4 boxes in the ALERTS section, then UPDATE. From that point, continue following the instructions through Step 9.
When user Joe Demo logs in, the dashboard looks the same, but now, double-clicking an alert opens the alert details screen. In the upper right corner is the option to the Kill Process or the Release Process that caused the alert. The Kill and Remediate button is inactive.
When selecting Kill Process, the Remediate button is activated. Click the Remediate button to neutralize the threat.
You now know how to configure User Roles in the ZeroLock® environment.