Configuring Security Settings : Managing user permissions
  
Managing user permissions
You can change the administrator or monitor passwords and define role-based users in the Administration > Security: User Permissions page.
User accounts
The system provides two user account options, based on what actions the user can take:
Admin - The administrator user has full privileges. For example, as an administrator you can set and modify configuration settings, add and delete users, restart the Mobile Controller service, reboot the Mobile Controller, and create and view performance and system reports.
Monitor - A monitor user can view reports and user logs, and change his or her password. A monitor user can’t make configuration changes, modify private keys, view system logs, or manage cryptographic modules in the system.
Roles and permissions
You can also create users, assign passwords to the user, and assign varying configuration roles to the user. A user role determines whether the user has permission to:
Read-only - With read-only privileges, you can view current configuration settings but you can’t change them.
Read/Write - With read and write privileges, you can view settings and make configuration changes for a feature.
Deny - With deny privileges, you can’t view settings or save configuration changes for a feature.
Available menu items reflect the privileges of the user. For example, any menu items that a user does not have permission to use are unavailable. When a user selects an unavailable link, the User Permissions page appears.
To set or modify user account permissions
1. Choose Administration > Security: User Permissions to display the User Permissions page.
2. Under Accounts, complete the configuration as described in this table.
Control
Description
admin/monitor
Click the magnifying glass icon for the user account you want to set or modify. Login failure details are displayed.
Clear - Clears the detailed information about login failures.
Change Password - Enables password protection.
When a user has a null password to start with, the administrator can still set the user password with account control enabled. However, once the user or administrator changes the password, it can’t be reset to null as long as account control is enabled.
New Password - Specify a password in the text box.
New Password Confirm - Retype the new administrator password.
Enable Account - Select the option to enable or clear to disable the administrator or monitor account. If the account is enabled, this option is available:
Make this the AAA Default User (for RADIUS/TACACS+ logins)
3. Click Apply to apply your changes.
To add a new user account
1. Choose Administration > Security: User Permissions to display the User Permissions page.
2. Under Accounts, complete the configuration as described in this table.
Control
Description
Add a New Account
Displays the controls for creating a new account.
Account Name
Specify a name for the account.
Password
Specify a password in the text box.
New Password Confirm
Retype the password to confirm.
Enable Account
Select the check box to enable the new account. If the account is enabled, this option is available:
Make this the AAA Default User (for RADIUS/TACACS+ logins)
Roles and Permissions
Select one of these roles:
Administrator - Specifies an administration account with full access to configuration and reports.
Role-based management (RBM) User - Select deny, read-only, or read/write access for these settings:
General Settings - Configures the per-source IP connection limit and the maximum connection pooling size.
Network Settings - Configures host and network interface settings, including DNS cache settings and hardware assist rules.
Security Settings - Configures security settings, including RADIUS and TACACS authentication settings and the secure vault password.
Policy/Package/Assignment Settings - Configures policy, package, and assignment settings.
Diagnostic Reports Settings - Customizes system diagnostic reports, including system and user log settings. It does not include TCP dumps.
Endpoint Reports Settings - Configures endpoint client report settings.
SSL Settings - Configures SSL support and the secure inner channel.
Cluster Settings - Configures Mobile Controller cluster settings.
Apply
Adds your settings to the system.
Remove Selected Accounts
Click to remove the selected accounts.
3. Click Save to Disk to save your settings permanently.