How To Create, Configure, and Apply a User Role
This exercise demonstrates the creation, configuration, and application of User Roles.
For ZeroLock Management Console versions before v4.2.x, please use this link.
The User Role feature enables ZeroLock® Management Console (ZMC) administrators to configure a role by granularly setting permissions for five (5) sections of the ZMC.
Within these sections, User Roles may be permitted to Modify or View specific sub-sections.
Modify enables the user to make changes in the assigned section of the ZMC and view the changes. A user with this permission option can duplicate, edit, and delete User Roles.
View alone permits the user only to view the settings for a ZMC section. The options to duplicate, edit, and delete are not available.
However, employing the User Role allows for greater granular control of permissions and provides a more focused approach to allowing specific actions.
Exercise A: The administrator wants to configure a user to view alerts for a single endpoint group.
The process begins with creating a User Role, assigning that role to an Endpoint Group, setting the appropriate permissions, and then assigning a User to the new role.
1. Go to Manage Users | User Roles, then select Add New Role.
2. The New User Role screen consists of fields for the name and description, followed by five (5) sections used to configure what that User Role may modify and view. As no options are being added, once the name and description have been entered, select CREATE.
3. Once the User Role is created, the next step is to assign the role to an Endpoint Group. In this scenario, select the Demo Endpoint Group.
4. Select Manage Endpoints | Groups, then click the box next to Demo Endpoint Group, followed by EDIT.
5. Once on the Edit Group >4 screen, enable the new User Role by selecting Allow Access, then click the Eye button to open the Group Property window and view the options that you may allow.
6. On the Group Property window, in the ALERTS section, click the box for View Alerts. This selection will allow viewing of the alert, but not its details.
7. With the User Role enabled and allowed to view alerts on endpoints, a User needs to be assigned to this role. Go to Manage Users | Users and select the user, then EDIT.
8. On the Edit User dialog, select the newly created role, then click UPDATE.
9. When user Joe Demo logs in, his ZMC dashboard will be like the one below. As he is only allowed to view alerts on the endpoints in his Endpoint Group, the other ZMC sections are greyed out. There is just one endpoint listed because this Endpoint Group contains only a single endpoint.
Since View Alerts was assigned, and not View Alert Details, alerts are visible but cannot be clicked on for greater detail.
Exercise B: The administrator wants to configure a user to manage alerts for a single endpoint group.
To accomplish this task, follow the previous instructions until Step 6. At Step 6, select all four (4) boxes in the ALERTS section, then UPDATE. Continue following the instructions through Step 9.
When user Joe Demo logs in, the dashboard looks the same, but now, double-clicking an alert opens its details screen. In the upper right corner, there are two options to use on the alert: Kill Process or Release Process. The Kill and Remediate button is inactive.
When selecting Kill Process, the Remediate Alert button is activated. Click Remediate Alert to neutralize the threat.
Create Multiple Roles
To create multiple roles with slightly different permissions without manually setting the same permissions for each role, use DUPLICATE; it is a great time saver. Once the changes have been made, rename the role, then select CREATE.
Selecting Duplicate instead of Edit creates a copy of the current user role. Its placeholder name is the current role name with 'copy' appended, and 'copy' is also appended to its description. For example, the duplicate of 'Demo User Role' would be 'Demo User Role copy'.