Different users have different responsibilities. As a system manager, you need a way to differentiate between users and to limit user privileges based on user responsibilities.
To assist you, the BIG-IQ system has created a default set of roles. To view the default roles, log in to BIG-IQ and navigate to the Roles panel.
Roles persist and are available after a BIG-IQ system failover.
You can associate multiple roles with a given user; for example, you can grant a user the edit (Network_Security_Edit) and the deploy (Network_Security_Deploy) roles.
|Feature||View||Edit||Deploy||Sec Mgr||NW Sec Mgr||Admin|
|View policy, objects, snapshots, deployments, devices, groups||X||X||X||X||X||X|
|Create/update/delete configuration objects||X||X||X||X|
|Compare (view differences between) snapshots||X||X||X||X||X||X|
|Restore working configuration from snapshot||X||X||X||X|
|Deploy from snapshot||X||X||X||X|
|DMA (declare management authority)||X||X||X||X|
|RMA (rescind management authority)||X||X||X||X|
|Deploy working config; create/delete deployment tasks||X||X||X||X|
|View audit log||X||X||X||X||X||X|
|Delete, configure audit log||X||X|
|Create/update/delete device groups||X||X||X||X|
By default, the BIG-IQ Network Security system provides admin as a default user type. The admin user can assign roles to users, but cannot access the command shell or system console.
User types persist and are available after a BIG-IQ system failover.
User accounts and roles persist and are available after a BIG-IQ system failover.
|Username||Enter the user's login name.|
|Auth Provider||Accept the default of local, or select from the dropdown list the provider that supplies the credentials required for authentication.|
|Full Name||Enter the user's actual name. This field can contain a combination of symbols, letters (upper and lowercase), numbers, and spaces.|
|Password||Enter the password for this user.|
|Confirm Password||Retype the password.|