Manual Chapter: Users, User Groups, and Roles

Applies To:

BIG-IQ Centralized Management

  • 5.0.0

About users, user groups, and roles

A user is an individual to whom you provide resources. You provide access to users for specific BIG-IQ® system functionality through authentication. You can associate a user with a specific role, or associate a user with a user group and then associate the group with a role.

A role is defined by its specific privileges. A user group is a group of individuals who have access to the same resources. When you associate a role with a user or user group, that user or user group is granted all of the role's corresponding privileges.

User roles in the Access configuration workflow

The Trust Discover Import role is used for adding devices, discovering service configuration, importing service configuration, and creating and editing Access groups.

Access configuration workflow with possible user roles

User roles in the reporting configuration workflow

Only the Access Manager user role can kill sessions and run remote logging configuration; any Access user role can run reports.

Reporting workflow with possible user roles

Adding a BIG-IQ user

Create a user to provide access to the BIG-IQ system.
  1. Log in to the BIG-IQ® system with your user name and password.
  2. At the top left of the screen, select System Management from the BIG-IQ menu.
  3. On the left, click USER MANAGEMENT > Users.
    The inventory of users defined on this BIG-IQ opens.
  4. Click the Add button.
  5. In the User Name field, type the user name for this new user.
  6. In the Full Name field, type a name to identify this user.
    The full name can contain a combination of symbols, letters, numbers and spaces.
  7. In the Password and Confirm Password fields, type the password for the new user.
  8. To associate this user with an existing user group, select the group from the User Groups list.
    To associate the user with additional groups, click the plus [+] icon and select another group.
  9. From the User Roles list, select a user role to associate with this user.
    Each role has a set of unique privileges.
    To associate the user with additional roles, click the plus [+] icon and select another role.
  10. Click the Save button at the bottom of the screen.

Creating a user group

You create a user group to offer individual users access to the same resources.

  1. Log in to the BIG-IQ® system with your user name and password.
  2. At the top left of the screen, select System Management from the BIG-IQ menu.
  3. At the left, click USER MANAGEMENT > User Groups.
    The User Groups screen opens.
  4. Click Add.
  5. In the Name field, type a name for this new user group.
  6. From the Auth Provider list, select local (Local).
  7. From the Users list, select a user to add to this group.
    To add additional users, click the plus [+] icon.
  8. From the User Roles list, select a user role to give its associated system access to this user group.
    To add additional roles, click the plus [+] icon.
  9. Click the Save button at the bottom of the screen.

User role access descriptions

The table lists standard BIG-IQ® system user roles you might need to assign to your users, depending on their responsibilities in working with Access.

| Role | Role Description / Access |
| --- | --- |
| Access Auditor | This role provides access to BIG-IQ® Access reports. |
| Access Deployer | This role has deploy access to Access configuration objects. This role cannot discover and edit devices or policies. |
| Access Editor | This role has edit access to Access configuration objects. This role cannot discover and deploy devices or policies. This role includes the ability to add, update, and delete pools and pool members from the Access configuration object editor. |
| Access Manager | This role has deploy and edit access to Access configuration objects, and has access to Access Reports and Dashboard. This role cannot add or remove devices and device groups, and cannot discover, import or delete services. |
| Access Viewer | This role has view-only access to Access configuration objects and tasks for Access devices that have been discovered. This role cannot edit, discover, or deploy devices or policies. |
| ADC Deployer | This role has deploy access to ADC configuration objects. This role cannot discover and edit devices or configuration objects. At deployment, Access notifies you if it finds changes in ADC that you must deploy first. |
| ADC Editor | This role has edit access to ADC configuration objects. A user needs this role to be able to edit or create a self-IP address or a route domain and to view other ADC configuration objects. This role includes the ability to add, update, and delete pools and pool members from ADC; however, you can configure pools and pool members within Access without having this role. |
| ADC Manager | This role manages the ADC module with full privilege. This role works for a user who needs to: Deploy ADC; edit or create a self-IP address or a route domain; view other ADC configuration objects. This role includes the ability to add, update, and delete pools and pool members from ADC; however, you can configure pools and pool members within Access without having this role. |
| ADC Viewer | This role permits read-only access to the ADC module. A user who needs to view configuration objects from ADC needs this role. |
| Trust Discover Import | This role can add and delete devices, discover services and import them, and remove services. |
| Administrator | This role has access to all aspects of the BIG-IQ system, which can include BIG-IQ Security, BIG-IQ System, and BIG-IQ ADC management. This access includes areas involved in adding individual users, assigning roles, device discovery, installing updates, activating licenses, and configuring a BIG-IQ high availability (HA) configuration. |
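
Because a user receives every privilege of each role assigned directly and of each role assigned to a group the user belongs to, it is worth reviewing the combined result before saving an assignment. The following Python sketch is an added example, not F5 code and not a BIG-IQ API: the capability names are a simplified reading of the role table above, and the users, groups, and review rules are constructed assumptions.

```python
# Added example: capability sets are a simplified reading of the role table
# on this page; capability names and review rules are assumptions.
ROLE_CAPS = {
    "Access Auditor": {"access:report"},
    "Access Deployer": {"access:deploy"},
    "Access Editor": {"access:edit"},
    "Access Manager": {"access:deploy", "access:edit", "access:report"},
    "Access Viewer": {"access:view"},
    "ADC Deployer": {"adc:deploy"},
    "ADC Editor": {"adc:edit", "adc:view"},
    "ADC Manager": {"adc:deploy", "adc:edit", "adc:view"},
    "ADC Viewer": {"adc:view"},
    "Trust Discover Import": {"device:manage", "service:discover-import"},
    "Administrator": {"*"},
}
MANAGER = {"access": "Access Manager", "adc": "ADC Manager"}

# Constructed sample data: roles assigned directly and through user groups.
USER_ROLES = {"alice": {"Access Editor"}, "bob": {"Access Viewer"}, "carol": {"Administrator"}}
GROUP_ROLES = {"deploy-team": {"Access Deployer", "ADC Deployer"}, "auditors": {"Access Auditor"}}
GROUP_MEMBERS = {"deploy-team": {"alice"}, "auditors": {"bob"}}


def effective_roles(user):
    """Union of the roles assigned to the user directly and via each group."""
    roles = set(USER_ROLES.get(user, ()))
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            roles |= GROUP_ROLES.get(group, set())
    return roles


def effective_caps(user):
    """All capabilities granted by the effective roles (unknown role: KeyError)."""
    return set().union(*(ROLE_CAPS[r] for r in effective_roles(user)))


def review(user):
    """Findings for one user under the assumed review rules."""
    roles, caps, findings = effective_roles(user), effective_caps(user), []
    if "Administrator" in roles:
        findings.append("holds Administrator (full system access)")
    for module, manager in MANAGER.items():
        # Edit and deploy accumulated from separate roles equals manager-level power.
        if {f"{module}:edit", f"{module}:deploy"} <= caps and manager not in roles:
            findings.append(f"edit+deploy on {module} without {manager}")
    return findings
```

In the sample data, alice is an Access Editor directly and becomes an Access Deployer through the deploy-team group, so the review reports that she can both edit and deploy Access configuration although nobody assigned her Access Manager.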