Permission Groups
A permission group is a set of access privileges. Access privileges are organized functionally, enabling you to assign different functions or different product access across users.
Permission groups are the building blocks of roles. In themselves, permission groups do not enable access for any users. Permission groups can be bundled into roles, and when users are assigned to those roles, they will gain the privileges which the individual permission groups grant them.
Permission groups can be created, imported from managed nodes, edited, and deleted in ArcMC.
You can create permission groups of the following types in ArcMC.
Group Type | Grants access to... |
---|---|
System Admin | System admin and platform settings. |
Logger Rights | Logger general functionality. Does not include Logger Reports and Logger Search permissions. |
Logger Reports | Logger report functionality. |
Logger Search | Logger search functionality. |
Conapp Rights | Connector Appliance general functionality. |
ArcMC Rights |
ArcSight Management Center general functionality. Note that ArcMC rights View options and Edit, save and remove options can only be granted to groups with either View management or Edit, save, and remove management rights. |
You can create different permission groups to reflect different management access levels. For example, you could create two System Admin permissions groups, one with access to reboot and update privileges, and the other with access to global settings. However, a role can only be assigned one permission group per group type.
- Select User Management > Permission Groups.
- On the Permission Groups page, click New.
- In Group Name, enter a name for the new group.
- Select a type from the Group Type drop-down list.
- In Description, enter a brief description of the permission group.
- In the Rights list, select the rights to which the permission group controls. (Click Select All to select all rights in the list.)
- Click Save.
To import one or more permission groups from a managed node:
- Select User Management > Permission Groups.
- On the Permission Groups page, click Import.
- From the list of managed nodes, select the node from which to import a group, and then click Next.
- The Available Permission Group(s) column shows available permission groups on the managed node. Select one or more groups, and then use the Add button to move them to the Selected Permission Group(s) column. (Note that permission groups already present in ArcMC will be shown as disabled and unavailable for selection.)
- Click Import. The groups are imported into ArcMC.
- Select User Management > Permission Groups.
- From the list of groups, click the name of the group you wish to edit.
- Enter values or select rights as needed.
- Click Save. (Click Save As to save the group under a new name.)
To delete a permission group:
To delete a permission group that is part of a role, delete the role first.
To delete a permission group that is part of a Filter configuration, remove it from the configuration.
- Select User Management > Permission Groups.
- From the list of groups, select the group you wish to delete.
- Click Delete.
- Click Yes to confirm deletion.