Differences between Security Center 5.x and 5.10 privileges - Security Center 5.10.1.0

Security Center Release Notes 5.10.1.0

Applies to
Security Center 5.10.1.0
Last updated
2021-10-18
Content type
Release notes
Language
English
Product
Security Center
Version
5.10

Beginning in Security Center 5.7 GA, most privileges that were reserved exclusively to administrators, such as adding users, can now be granted individually. Some actions, such as modifying the logical IDs, that used to be covered under generic privileges, now require specific privileges, because they might affect the entire system.

Privileges that are no longer exclusive to administrators starting in 5.7

Starting in Security Center 5.7 GA, users no longer need to be members of the Administrators user group to perform the following actions.

Administrative privileges > System management:
View network properties
Allows the user to view network properties (also grants access to the Network view task).
Modify network properties
Allows the user to modify network properties, and to add and delete network entities.
View partition properties
Allows the user to view partition properties (also grants access to the User management task).
Modify partition properties
Allows the user to modify partition properties.
Add partitions
Allows the user to add partitions.
Delete partitions
Allows the user to delete partitions.
View role properties
Allows the user to view role properties (also grants access to the System task, Roles view).
Modify role properties
Allows the user to modify role properties.
NOTE: If a role belongs to multiple partitions, changing any role property (for example, deactivating the role) affects all partitions, not just the ones the user has access to.
Add roles
Allows the user to add roles.
Delete roles
Allows the user to delete roles.
View server properties
Allows the user to view server properties (must be combined with View network properties privilege).
Modify server properties
Allows the user to modify server properties.
Delete servers
Allows the user to delete servers.
View user group properties
Allows the user to view user group properties (also grants access to the User management task).
Modify user group properties
Allows the user to modify user group properties.
NOTE: Users can never grant privileges that they do not have. For example, a user cannot add a member to a user group if the user group has privileges that they do not have. If a privilege operation requires more privileges than the user has, the operation will be denied.
Add user groups
Allows the user to add user groups.
Delete user groups
Allows the user to delete user groups.
View user properties
Allows the user to view user properties (also grants access to the User management task).
Modify user properties
Allows the user to modify user properties.
Add users
Allows the user to add users.
Delete users
Allows the user to delete users.
View general settings
Allows the user to view general settings.
NOTE: All general settings have a system-wide scope, so exercise great care when making any changes.
Modify custom field definitions
Allows the user to add, modify, and delete custom field definitions and custom data types.
Modify custom events
Allows the user to add, modify, and delete custom events, and change event colors.
Modify event-to-actions
Allows the user to add, modify, and delete event-to-actions.

If you upgraded from 5.6 or earlier to 5.10, users who used to be able to modify event-to-actions by virtue of their System task privilege will no longer be able to, unless they are explicitly granted the Modify event-to-actions privilege in the new system.

Modify logical IDs
Allows the user to modify the logical ID of entities (must be combined with Modify entity properties privileges).

If you upgraded from 5.6 or earlier to 5.10, users who used to be able to modify logical IDs by virtue of their Modify entity properties privilege will no longer be able to, unless they were administrators or partition administrators in the old system.

Modify password settings
Allows the user to modify user password settings.
Modify activity trail settings
Allows the user to configure which activity types should be logged.
Modify audio files
Allows the user to modify audio files, and to add and delete custom ones.
Modify incident categories
Allows the user to add, modify, and delete incident categories.
Modify enabled features
Allows the user to enable and disable licensed features.
View macro properties
Allows the user to view macro properties.
NOTE: Only administrators can add, modify, and delete macros.
Action privileges > Alarms:
Acknowledge alarms
Allows the user to acknowledge alarms (this is not a new privilege).
Forcibly acknowledge alarms
Forcibly acknowledge alarms that have an active condition attached.

Privileges that are no longer exclusive to administrators starting in 5.8

Starting in Security Center 5.8 GA, users no longer need to be members of the Administrators user group to perform the following actions.
Administrative privileges > System management > View general settings:
View threat levels
Allows the user to view threat levels.
Modify threat levels
Allows the user to modify threat levels.
Add threat levels
Allows the user to add threat levels.
Delete threat levels
Allows the user to delete threat levels.
Task privileges > Administration:
Video
Allows the user to run the Video task (this is not a new privilege).
Archive transfer
Allows the user to perform archive transfers from the Video task.
Access control
Allows the user to run the Access control task (this is not a new privilege).
General settings
Allows the user to view and modify access control configuration settings such as custom card formats and HID Mobile Access.
Task privileges > Tools:
Import tool
Allows the user to launch the Import tool.

Privileges that remain exclusive to administrators

The following privileges remain exclusive to members of the Administrators user group.
  • Adding, modifying, and deleting macros.
  • Creating generic event-to-actions (without a specific source entity).
  • Running the Diagnostic data collector.