5.7.5. Built-in usergroups of PSM

PSM has the following usergroups by default. Note that you can modify and delete these usergroups as you see fit.

Figure 5.11. AAA > Access Control — Built-in usergroups of PSM

AAA > Access Control — Built-in usergroups of PSM
Warning

If you use LDAP authentication on the PSM web interface and want to use the default usergroups, you have to create these groups in your LDAP database and assign users to them. For details on using usergroups, see Section 5.7.4, How to use usergroups.

  • basic-view: View the settings in the Basic Settings menu, including the system logs of PSM. Members of this group can also execute commands on the Troubleshooting tab.

  • basic-write: Edit the settings in the Basic Settings menu. Members of this group can manage PSM as a host.

  • auth-view: View the names and privileges of the PSM administrators, the configured usergroups, and the authentication settings in the AAA menu. Members of this group can also view the history of configuration changes.

  • auth-write: Edit authentication settings and manage users and usergroups.

    Warning

    Members of the auth-write group, or any other group with write privileges to the AAA menu are essentially equivalent to system administrators of PSM, because they can give themselves any privilege. Users with limited rights should never have such privileges.

    If a user with write privileges to the AAA menu gives himself new privileges (for example gives himself group membership to a new group), then he has to relogin to the PSM web interface to activate the new privilege.

  • search: Browse and download various logs and alerts in the Search menu. The members of this group have access to the audit trail files as well. Note that to open encrypted audit trail files, the proper encryption keys are required.

  • changelog: View the history of PSM configuration changes in the AAA > Accounting menu.

  • report: Browse, create and manage reports, and add statistics-based chapters to the reports in the Reports menu. Users with this privilege can access every report. To grant access to users only to specific reports, use the Reports are accessible by the following groups option of the report. For details, see Procedure 19.2, Configuring custom reports.

    Note

    To control exactly which statistics-based chapters and reports can the user include in a report, use the Use static subchapters privileges.

  • policies-view: View the policies and settings in the Policies menu.

  • policies-write: Edit the policies and settings in the Policies menu.

  • ssh-view: View all connection and policy settings in the SSH Control menu.

  • ssh-write: Edit all connection and policy settings in the SSH Control menu.

  • rdp-view: View all connection and policy settings in the RDP Control menu.

  • rdp-write: Edit all connection and policy settings in the RDP Control menu.

  • telnet-view: View all connection and policy settings in the Telnet Control menu.

  • telnet-write: Edit all connection and policy settings in the Telnet Control menu.

  • vnc-view: View all connection and policy settings in the VNC Control menu.

  • vnc-write: Edit all connection and policy settings in the VNC Control menu.

  • indexing: Allows host running the Audit Player application to access and download audit trails for automatic indexing. Note that the members of this group can access the PSM web interface as well, and download any audit trail directly.

  • ica-view: View all connection and policy settings in the ICA Control menu.

  • ica-write: Edit all connection and policy settings in the ICA Control menu.

  • api: View and edit rights for the Access RPC API privilege, to access PSM through RPC.

  • http-view: View all connection and policy settings in the HTTP Control menu.

  • http-write: Edit all connection and policy settings in the HTTP Control menu.

  • indexer-view: View all connection and policy settings in the Indexer menu.

  • indexer-write: Edit all connection and policy settings in the Indexer menu.