Manual Chapter: Managing Roles and Users

Applies To:

BIG-IQ Centralized Management

  • 4.6.0

About roles

As a security system manager, you need to differentiate between types of users, and to limit user privileges based on user responsibilities. To assist you, the BIG-IQ® system provides a default set of roles. You can associate multiple roles with a given user; for example, you can grant a user the edit (Network_Security_Edit) and the deploy (Network_Security_Deploy) roles for network security functions. Roles persist and are available after a BIG-IQ system failover.

To view the defined roles, both default and locally-defined, log in to BIG-IQ System as administrator, and navigate to the Roles panel:

BIG-IQ System > Access Control > Roles

The Roles panel lists each defined role. A description of the role is provided in the properties for that role. To access this description, hover over a role name, click the gear icon, and then select Properties. The User Role Properties screen includes the description.

Refer to the Roles panel online help or to the BIG-IQ® System: Licensing and Initial Setup guide for more information on roles and their use.

About user types

The BIG-IQ® Network Security system provides admin as the default user type. The admin user can assign roles to users, but cannot access the command shell or system console.

User types persist and are available after a BIG-IQ system failover.

Creating user accounts

As the BIG-IQ® security manager, you create user accounts and associate those user accounts with the right roles (sets of privileges). By managing user roles, you place controls on specific functions (view, edit, and deploy). User accounts and roles persist and are available after a BIG-IQ® system failover.
  1. Log in to the BIG-IQ® system and click BIG-IQ System > Access Control > Users.
  2. Hover over the Users banner, click the + icon, and select New User.
  3. Complete the fields as required.
    | Option           | Description |
    |------------------|-------------|
    | Username         | Enter the user's login name. |
    | Auth Provider    | Accept the default of local or, from the dropdown list, select the provider that supplies the credentials required for authentication. |
    | Full Name        | Enter the user's actual name. This field can contain a combination of symbols, letters (upper and lowercase), numbers, and spaces. |
    | Password         | Enter the password for this user. |
    | Confirm Password | Retype the password. |
  4. Click Add to save your edits and create the user account (or click Cancel to close the panel without saving your entries).
You can now associate this user with a specific role (set of privileges).

Associating users with roles

You can control what users are able to accomplish by associating roles (sets of privileges) with particular users.
  1. Log in to the BIG-IQ® system and click BIG-IQ System > Access Control > Users.
  2. In the Users panel, click the user that you want to associate with a role and drag the user onto the role (Roles panel).
    Conversely, you can also drag the role onto the user.
The user now has the privileges commensurate with his role. To confirm, click the gear icon for the user, and select Properties. Or, click the gear icon for the role and view the Active Users and Groups.

Disassociating users from roles

You disable a user's ability to perform a given function by disassociating roles (sets of privileges) from that user.
  1. Log in to the BIG-IQ® system and click BIG-IQ System > Access Control > Roles.
  2. In the Roles panel, hover over the role that contains the user you want to disassociate, click the gear icon, and select Properties.
  3. To the right of Active Users and Groups, view the list of users and groups associated with the role.
  4. Click the X next to the user or group that you want to disassociate from the role.
  5. Click Save.
The user is now disassociated from the role, and no longer has the privileges associated with the role.