User Management
The Users and Groups tabs enable you to manage users and user groups on your system. User groups are a way to enforce access control to various sections of your system.
Users
Open the Users tab to manage the users that can log in to your system. You can add a new user, edit user information, or delete a user at any time. You must have the appropriate System Admin group rights to perform these functions.
To add a new user:
- Click Administration > Setup > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- In the Users tab, click Add from the top left side of the page.
- Enter the following parameters.
Parameter
Description
Credentials
Login
The user's login name.
Password
The user's password.
Confirm Password
Reenter the user's password.
Contact Information
If you enabled SSL client certificate or LDAP authentication, click this link to enter the user’s Distinguished Name (Certificate Subject) information. The Distinguished Name should be similar to this format:
CN=UserA,OU=Engg Team,O=ArcSight\, Inc.,L=Cupertino,C=US,ST=California
To determine the DN, use this URL to display the certificate:
https://<hostname or IP address>/platform-service/DisplayCertificate
OR
Obtain the DN information from the browser that the user will open to connect to the system. For example, on Mozilla Firefox, click Tools > Options > Advanced > Encryption > View Certificates > Your Certificates > Select the certificate > View.
First Name
The user’s first name.
Last Name
The user’s last name.
Email
The user’s email address.
Phone Number
(Optional) The user’s phone number.
Title
(Optional) The user’s title.
Department
(Optional) The user’s department.
Fax
(Optional) The user’s fax number.
Alternate Number
(Optional) The user’s alternate phone number.
Assign to Groups
Select the groups to which this user belongs. This setting controls the privileges a user has on this ArcSight Management Center.
System Admin
Select a rights level from the drop-down list:
- Default System Admin Group gives the user rights to change the settings in the System Admin menu. Choosing this option displays all the tabs and menus.
- Read Only System Admin Group allows the user read-only access.
- Unassigned prevents user access to the System Admin menu.
ArcMC Rights
Select a rights level from the drop-down list:
- Default ArcMC Rights Group gives the user rights to the Dashboard, Node Management, and Configuration Management menus, as well as the Backup/Restore and Repositories menus. Choosing this option displays all the tabs and menus.
- Read Only ArcMC Group allows the user read-only access.
- Unassigned prevents user access to all ArcMC components.
Notes
(Optional) Other information about the user.
- Click Save and Close.
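The escaped comma in O=ArcSight\, Inc. is the part of the Distinguished Name format above that is easiest to get wrong when the value is typed by hand. The following is an added example, not ArcSight code, that parses this format and compares an entered DN with a certificate subject. The function names are hypothetical, and it assumes single-valued RDNs and an exact, order-sensitive match, which the page does not specify.

```python
# Added example (not ArcSight code): parse and compare subject DNs written in
# the comma-separated form shown above. Assumes single-valued RDNs (no '+').
import re
from itertools import zip_longest

def split_unescaped(text, sep=","):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape for unescape()
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(text[i])
            i += 1
    return parts + ["".join(buf)]

def unescape(value):
    """Decode '\\,' and '\\2C' (hex pair) escapes into the real characters."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    return re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode(), flags=re.S).decode()

def parse_dn(dn):
    """Return [(TYPE, value), ...] in written order; reject malformed RDNs."""
    rdns = []
    for raw in split_unescaped(dn):
        if "=" not in raw:
            raise ValueError(f"{raw.strip()!r} has no '=': unescaped comma?")
        attr, value = raw.split("=", 1)
        rdns.append((attr.strip().upper(), unescape(value.strip())))
    return rdns

def first_mismatch(entered, cert_subject):
    """None when both DNs hold the same RDNs in the same order, else the diff."""
    pairs = zip_longest(parse_dn(entered), parse_dn(cert_subject))
    return next(((i, x, y) for i, (x, y) in enumerate(pairs) if x != y), None)

# The sample DN from the page, kept as a raw string so the backslash survives.
PAGE_DN = r"CN=UserA,OU=Engg Team,O=ArcSight\, Inc.,L=Cupertino,C=US,ST=California"
```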
To edit a user:
- Click Administration > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- In the Users tab, select the user (or users) you want to edit.
- Click Edit from the top left side of the page.
- Update the user information as necessary.
- Click Save User.
To delete a user:
- Click Administration > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- In the Users tab, select the user (or users) you want to delete.
- Click Delete from the top left side of the page.
Reset Password
The Reset Password feature enables you to reset a user's password without knowing their password. If you are using an SMTP-configured server and have permissions to create and update users, you can reset a user’s password by clicking the Reset Password button. An automated email including the new password string is sent to the user.
An SMTP server must be configured for the automated email containing the temporary password to be sent. If an SMTP server is not configured, the password will not be reset because an email cannot be sent.
To reset a user’s password:
- Click Administration > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- In the Users tab, select the user (or users) whose passwords you want to reset.
- Click Reset Password from the top left side of the page.
The user must use the temporary string to log in within the time specified in the email. If the user does not log in within the specified time, the account becomes deactivated. If the account has been deactivated, the admin must re-activate it before resetting the password.
To activate a user:
- Click Administration > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- In the Users tab, select the user (or users) that you want to activate.
- Choose Edit.
- Check the Active box.
- Save the changes.
Groups
User groups define privileges to specific functions on your system and serve to enforce access control to these functions.
User groups are divided into the following types: System Admin and Connector Appliance Rights Groups. Each type has a pre-defined, default user group in which all privileges for the type are enabled. To authorize a subset of the privileges for a specific group type, create a new user group and enable only the privileges you want to provide for that group. Then, assign restricted users to the newly created group.
System Admin Groups
System Admin Group
The System Admin Group controls the system administration operations for your system, such as configuring network information, setting storage mounts, installing SSL certificates, and user management.
Read Only System Admin Group
In addition to the default System Admin Group that enables all rights (privileges), a Read Only System Admin Group is available on your system. Users assigned to this group can view System Admin settings, but cannot change them.
ArcSight Management Center Rights Groups for ArcSight Management Center
Managing a User Group
To create a new user group:
- Click Administration > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- Click the Groups tab.
- Click Add from the top left side of the page.
- Define the new group:
  - In the Group Name field, provide a name for the group.
  - In the Description field, provide a description for the group.
  - From the Group Type drop-down box, select the group type.
  - Click the down arrow icon next to the group type name to view and select privileges that you want to assign to the users in this group.
- Click Save and Close to save the settings of the group, or click Save and Edit Membership to add users to this group.
To edit a user group:
- Click Administration > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- Click the Groups tab.
- Select the group that you want to edit, and click Edit at the top left side of the page.
- Update the user group information.
If you need to edit the group’s membership:
- Click Save and Edit Membership to display the Edit Group Membership page.
- Click Add from the top left of the Edit Group Membership page.
- Select users you want to add. By default, you can add only users who do not belong to other groups of the type that you are editing. To add such users, click Show users that belong to other <group_type> groups.
When you add a user who belongs to another group of the same type as the one you are updating, that user is automatically removed from the previous group.
- Click OK.
- Click Back to Group List.
- Click Save and Close.
To delete a user group:
- Click Administration > System Admin.
- Click User Management in the Users/Groups section in the left panel.
- Click the Groups tab.
- Select the group (or groups) that you want to delete.
- Click Delete at the top left side of the page.