ESM user groups are designed to contain users with a common set of roles (see the topic, "User Roles," in ESM 101) and permissions. ESM provides the following user groups:
|
Group |
Description |
|---|---|
|
Administrators |
Associated with the administrator role with all privileges and permissions, including changing other groups' privileges and permissions |
|
Custom User Groups |
Minimum privileges and permissions, but administrator can modify. |
|
Default User Groups |
Further subdivided into subgroups that map to roles in the enterprise's security operations center (SOC). Each subgroup has a predefined set of privileges but administrator can modify.
|
| SCIM Provisioned Users Group | Minimum privileges and permissions. This group serves as a SCIM user repository that contains all users who are provisioned through the SCIM API. Any user created in this group is visible and can be managed through the SCIM API. |
Tip: If you belong to the Administrators group, you can view all groups and their associated permissions. Right-click a group and choose Edit ACL to open the ACL Editor for that group. Refer to Managing Permissions.
Where: Navigator > Resources > Users
To create user groups:
Caution: Do not exceed more than 10,000 resources in a group.
Right-click a group and select New Group.
A name text field appears under the group you selected.
In the name text field, enter a name.
Press Enter.
Optional: To add information in the Notes tab, refer to Using Notes.
To rename user groups:
Right-click a group and choose Rename.
In the name text field, rename the group.
Press Enter.
To edit user groups:
Right-click a group and choose Edit Group.
In the Group Editor, edit the Name and Description text fields.
Click OK.
To move or link (copy) user groups:
Note: To copy multiple resources at once, use Copy and Paste. You can drag and drop only one resource at a time.
Navigate to a group and drag and drop it into another group.
Choose Move to move the group or Link to create a copy of the group that is linked to the original group.
If you choose Link, you create a copy of the group that is linked to the original group. Therefore, if you edit a linked group, whether it is the original or the copy, all links are edited as well. When deleting linked groups, you can either delete the selected group or all linked groups.
To delete user groups:
If you delete a group, the users within that group are also deleted, unless they are also contained by other groups.
Right-click a group and choose Delete Group.
In the dialog box, click Yes.
You can define the set of active channel and dashboard resource groups that members of a given ArcSight user group see by default when they first log in. This includes both ArcSight Console and Command Center users. These channels and dashboards are initial defaults only: when users begin changing the content of the Viewer panel, the ArcSight Console and Command Center follow their normal behavior of remembering the most recent state.
The default active channels and dashboards you select for user groups are listed in the User Group Editor on the Startup Views tab.
Right-click a user group and choose Edit Group.
In the User Group Editor, click the Startup Views tab, then the Active Channels or Dashboards tabs.
In either resource tab, click Add to open a resource selector dialog box.
Navigate to and select the appropriate active channels or dashboards to set as users' start-up resources, and click OK. Repeat this step to add more resources.
Click Refresh to update the current list of resources, or click Remove to take a selected resource off the list. Click Edit to change a selected resource in its own editor.
Click Apply to make changes and leave the editor open, or click OK to apply your changes and close the editor.
The following topics include configuration instructions related to user groups: