Skip to content
English
  • There are no suggestions because the search field is empty.

How To Create, Configure, and Apply a User Role

This exercise demonstrates the creation, configuration, and application of User Roles.

For ZeroLock Management Console version before v4.2.x, please use this link.

 

The User Role feature enables ZeroLock® Management Console (ZMC) administrators to configure a role by granularly setting permissions for five (5) sections of the ZeroLock Management Console (ZMC).

Image_2_Edit User Role Screen_v4.2.x

Within these sections, User Roles may be permitted to Modify or View specific sub-sections.

Modify enables the user to make changes in the assigned section of the ZMC and view the changes. A user with this permission option can duplicate, edit, and delete User Roles.

View alone only permits the user to view the settings for a ZMC section. The options to duplicate, edit, and delete are not available.

However, employing the User Role allows for greater granular control of permissions and provides a more focused approach to allowing specific actions.

Exercise A: The administrator wants to configure a user to view alerts for a single endpoint group.

The process begins with creating a User Role, assigning that role to an Endpoint Group, setting the appropriate permissions, and then assigning a User to the new role.

  1. Go to Manages Users | User Roles,  then select Add New Role.Step_1_New User Role_v4.2.x
  2. The New User Role screen consists of fields for the name and description, followed by five (5) sections used to configure what that User Role may modify and view.  As no options are being added, once the name and description have been entered, select CREATE.Step_2_New User Role_v4.2.x
  3. Once the User Role is created, the next step is to assign the role to an Endpoint Group. In this scenario, select the Demo Endpoint Group.Step_3_Demo Endpoint Group_v4.2.x_KB
  4. Select Manage Endpoints | Groups, then click the box next to Demo Endpoint Group, followed by EDIT.Step_4_Endpoint Groups_v4.2.x
  5. Once on the Edit Group >4 screen, enable the new User Role by selecting Allow Access, then clicking the Eye button to open the group property window, to view the options that you may allow.Step_5_Edit Group 4_v4.2.x
  6. On the Group Property window, in the ALERTS section, click the box for View Alerts. This selection will allow viewing of the alert,  but not its details.Step_6_Edit Group Alerts_v4.2.x
  7. With the User Role enabled and allowed to view alerts on endpoints, a User needs to be assigned to this role. Go to Manage Users | Users and select the user, then EDIT.Step_7_Edit User_v4.2.x
  8. On the Edit User dialog, select the newly created role, then click UPDATE.Step_8_Edit User Role_v4.2.x
  9. When user Joe Demo logs in, his ZMC dashboard will be like the one below. As he is only allowed to view alerts on the endpoints in his Endpoint Group, the other ZMC sections are greyed out. There is just one endpoint listed because this Endpoint Group contains only a single endpoint.Step_9_Dashboard View_v4.2.x_KB 

    Since View Alerts was assigned, and not View Alert Details, alerts are visible but cannot be clicked on for greater detail.

Exercise B: The administrator wants to configure a user to manage alerts for a single endpoint group.

To accomplish this task, follow the previous instructions until Step 6. At Step 6, select all four (4) boxes in the ALERTS section, then UPDATE. Continue following the instructions through Step 9.Image_1_Edit Group 4_v4.2.x

When user Joe Demo logs in, the dashboard looks the same,  but now, double-clicking an alert opens its details screen. In the upper right corner, there are two options to use on the alert: Kill Process or Release Process. The Kill and Remediate button is inactive.Image_2_Alert 8_v4.2.x_KB

When selecting Kill Process, the Remediate Alert button is activated. Click Remediate Alert to neutralize the threat.Image_3_Remediate Alert_v4.2.x_KB

Create Multiple Roles

To create multiple roles with slightly different permissions, without manually setting the same permissions for each role, using DUPLICATE is a great time saver. Once the changes have been made, rename the role, then select CREATE.Image_4_Duplicate User Role_v4.2.x

Selecting Duplicate instead of Edit creates a copy of the current user role with a placeholder name of the current role name with 'copy' appended to it and to its description.  For example, the duplicate of 'Demo User Role' would be 'Demo User Role copy'.Image_5_New User Role with Copy_v4.2.x