User Management

For a containerized environment only, Fusion user management replaces all user management functions. Use ArcMC user management for standalone installations.

The Users and Groups tabs enable you to manage users and user groups on your system. User groups are a way to enforce access control to various sections of your system.

Users

Open the Users tab to manage the users that can log in to your system. You can add a new user, edit user information, or delete a user at any time. You must have the appropriate System Admin group rights to perform these functions.

To add a new user:

  1. Click Administration > Setup > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. In the Users tab, click Add from the top left side of the page.

  4. Enter the following parameters.

    Parameter: Description

    Credentials

    Login: The user's login name.

    Password: The user's password.

    Confirm Password: Reenter the user's password.

    Contact Information

    Use Client DN: If you enabled SSL client certificate or LDAP authentication, click this link to enter the user’s Distinguished Name (Certificate Subject) information. The Distinguished Name should be similar to this format:

      CN=UserA,OU=Engg Team,O=ArcSight\, Inc.,L=Cupertino,C=US,ST=California

      To determine the DN, use this URL to display the certificate:

      https://<hostname or IP address>/platform-service/DisplayCertificate

      OR

      Obtain the DN information from the browser that the user will open to connect to the system. For example, on Mozilla Firefox, click Tools > Options > Advanced > Encryption > View Certificates > Your Certificates > Select the certificate > View.

    First Name: The user’s first name.

    Last Name: The user’s last name.

    Email: The user’s email address.

    Phone Number: (Optional) The user’s phone number.

    Title: (Optional) The user’s title.

    Department: (Optional) The user’s department.

    Fax: (Optional) The user’s fax number.

    Alternate Number: (Optional) The user’s alternate phone number.

    Assign to Groups: Select the groups to which this user belongs. This setting controls the privileges a user has on this ArcSight Management Center.

    System Admin: Select a rights level from the drop-down list:

    • Default System Admin Group gives the user rights to change the settings in the System Admin menu. Choosing this option displays all the tabs and menus.
    • Read Only System Admin Group allows the user read-only access.
    • Unassigned prevents user access to the System Admin menu.

    ArcMC Rights: Select a rights level from the drop-down list:

    • Default ArcMC Rights Group gives the user rights to the Dashboard, Node Management, and Configuration Management menus, as well as the Backup/Restore and Repositories menus. Choosing this option displays all the tabs and menus.
    • Read Only ArcMC Group allows the user read-only access.
    • Unassigned prevents user access to all ArcMC components.

    Notes: (Optional) Other information about the user.

  5. Click Save and Close.
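The sample Distinguished Name for the Use Client DN parameter in step 4 contains an escaped comma (O=ArcSight\, Inc.), so splitting on every comma yields a malformed component. The following Python is an added example, not part of the product documentation: it parses a DN with backslash escapes as defined in RFC 4514 so you can check a string before entering it. The function names are hypothetical, multi-valued RDNs joined with "+" are not handled, and nothing here describes how ArcMC itself compares DNs.

```python
import re

# DN copied from the page; the backslash escapes the comma inside the O value.
PAGE_DN = r"CN=UserA,OU=Engg Team,O=ArcSight\, Inc.,L=Cupertino,C=US,ST=California"
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def split_rdns(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escape pair intact for now
            i += 2
        elif dn[i] == ",":
            parts.append(buf)
            buf, i = "", i + 1
        else:
            buf += dn[i]
            i += 1
    parts.append(buf)
    return parts


def unescape(value):
    """Resolve escapes: backslash + character, or backslash + two hex digits."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            if HEX_PAIR.fullmatch(value[i + 1:i + 3]):
                out.append(int(value[i + 1:i + 3], 16))   # one UTF-8 byte
                i += 3
            else:
                out += value[i + 1].encode("utf-8")       # escaped literal
                i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")


def parse_dn(dn):
    """Return [(attribute, value), ...]; raise ValueError on a bad component."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((attr.strip().upper(), unescape(value)))
    return pairs
```

A ValueError from parse_dn usually means a comma inside a value was left unescaped.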

To edit a user:

  1. Click Administration > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. In the Users tab, select the user (or users) you want to edit.

  4. Click Edit from the top left side of the page.

  5. Update the user information as necessary.

  6. Click Save User.

To delete a user:

  1. Click Administration > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. In the Users tab, select the user (or users) you want to delete.

  4. Click Delete from the top left side of the page.

Reset Password

The Reset Password feature enables you to reset a user's password without knowing their password. If you are using an SMTP-configured server and have permissions to create and update users, you can reset a user’s password by clicking the Reset Password button. An automated email including the new password string is sent to the user.

An SMTP server must be configured for the automated email containing the temporary password to be sent. If an SMTP server is not configured, the password will not be reset because an email cannot be sent.

To reset a user’s password:

  1. Click Administration > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. In the Users tab, select the user (or users) whose passwords you want to reset.

  4. Click Reset Password from the top left side of the page.

The user must use the temporary string to log in within the time specified in the email. If the user does not log in within the specified time, the account becomes deactivated. If the account has been deactivated, the admin must re-activate it before resetting the password.

To activate a user:

  1. Click Administration > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. In the Users tab, select the user (or users) that you want to activate.

  4. Choose Edit.

  5. Check the Active box.

  6. Save the changes.

Groups

User groups define privileges to specific functions on your system and serve to enforce access control to these functions. For example, if you want User A to perform system admin related activities that are not Connector Appliance management specific, assign that user to the System Admin group, but not to the Connector Appliance group.

User groups are divided into the following types: System Admin and Connector Appliance Rights Groups. Each type has a pre-defined, default user group in which all privileges for the type are enabled. To authorize a subset of the privileges for a specific group type, create a new user group and enable only the privileges you want to provide for that group. Then, assign restricted users to the newly created group.

System Admin Groups

System Admin Group

The System Admin Group controls the system administration operations for your system, such as configuring network information, setting storage mounts, installing SSL certificates, and user management.

Read Only System Admin Group

In addition to the default System Admin Group that enables all rights (privileges), a Read Only System Admin Group is available on your system. Users assigned to this group can view System Admin settings, but cannot change them.

ArcSight Management Center Rights Groups for ArcSight Management Center

ArcSight Management Center Rights Group

The Connector Appliance Rights Group controls the ArcSight Management Center application operations for your system, such as viewing the ArcSight Management Center dashboards and backup operations.

Read Only ArcSight Management Center Group

In addition to the default Connector Appliance Rights Group that enables all rights (privileges), Connector Appliance provides more controlled authorizations and a “view only” default option. A read-only user can view the tabs and the operations displayed on the tabs, and can perform operations such as refresh, view certificate list, and Logfu.

Refer to your system’s user interface for a complete list of rights available to this group. 

Caution: It is strongly recommended not to modify any rights for the default admin user, as this can cause access issues.

Managing a User Group

To create a new user group:

  1. Click Administration > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. Click the Groups tab.

  4. Click Add from the top left side of the page.

  5. Define the new group:

    1. In the Group Name field, provide a name for the group.

    2. In the Description field, provide a description for the group.

    3. From the Group Type drop-down box, select the group type.

    4. Click the down arrow icon next to the group type name to view and select privileges that you want to assign to the users in this group.

  6. Click Save and Close to save the settings of the group, or click Save and Edit Membership to add users to this group.

To edit a user group:

  1. Click Administration > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. Click the Groups tab.

  4. Select the group that you want to edit, and click Edit at the top left side of the page.

  5. Update the user group information.

    If you need to edit the group’s membership:

    1. Click Save and Edit Membership to display the Edit Group Membership page.

    2. Click Add from the top left of the Edit Group Membership page.

    3. Select users you want to add. By default, you can add only users who do not belong to other groups of the type that you are editing. To add such users, click Show users that belong to other <group_type> groups.

      When you add a user who belongs to another group of the same type as the one you are updating, that user is automatically removed from the previous group.

    4. Click OK.

    5. Click Back to Group List.

  6. Click Save and Close.

To delete a user group:

  1. Click Administration > System Admin.

  2. Click User Management in the Users/Groups section in the left panel.

  3. Click the Groups tab.

  4. Select the group (or groups) that you want to delete.

  5. Click Delete at the top left side of the page.