Beginning in Security Center 5.7 GA, most privileges that were reserved exclusively to administrators, such as adding users, can now be granted individually. Some actions that used to be covered under generic privileges, such as modifying logical IDs, now require specific privileges because they might affect the entire system.
Privileges that are no longer exclusive to administrators starting in 5.7
Starting in Security Center 5.7 GA, users no longer need to be members of the Administrators user group to perform the following actions.
- View network properties
- Allows the user to view network properties (also grants access to the Network view task).
- Modify network properties
- Allows the user to modify network properties, and to add and delete network entities.
- View partition properties
- Allows the user to view partition properties (also grants access to the User management task).
- Modify partition properties
- Allows the user to modify partition properties.
- Add partitions
- Allows the user to add partitions.
- Delete partitions
- Allows the user to delete partitions.
- View role properties
- Allows the user to view role properties (also grants access to the System task, Roles view).
- Modify role properties
- Allows the user to modify role properties.
NOTE: If a role belongs to multiple partitions, changing any role property (for example, deactivating the role) affects all partitions, not just the ones the user has access to.
- Add roles
- Allows the user to add roles.
- Delete roles
- Allows the user to delete roles.
- View server properties
- Allows the user to view server properties (must be combined with the View network properties privilege).
- Modify server properties
- Allows the user to modify server properties.
- Delete servers
- Allows the user to delete servers.
- View user group properties
- Allows the user to view user group properties (also grants access to the User management task).
- Modify user group properties
- Allows the user to modify user group properties.
NOTE: Users can never grant privileges that they do not have. For example, a user cannot add a member to a user group if the user group has privileges that they do not have. If a privilege operation requires more privileges than the user has, the operation will be denied.
- Add user groups
- Allows the user to add user groups.
- Delete user groups
- Allows the user to delete user groups.
- View user properties
- Allows the user to view user properties (also grants access to the User management task).
- Modify user properties
- Allows the user to modify user properties.
- Add users
- Allows the user to add users.
- Delete users
- Allows the user to delete users.
- View general settings
- Allows the user to view general settings.
NOTE: All general settings have a system-wide scope, so exercise great care when making any changes.
- Modify custom field definitions
- Allows the user to add, modify, and delete custom field definitions and custom data types.
- Modify custom events
- Allows the user to add, modify, and delete custom events, and change event colors.
- Modify event-to-actions
- Allows the user to add, modify, and delete event-to-actions.
If you upgraded from 5.6 or earlier to 5.10, users who used to be able to modify event-to-actions by virtue of their System task privilege will no longer be able to, unless they are explicitly granted the Modify event-to-actions privilege in the new system.
- Modify logical IDs
- Allows the user to modify the logical ID of entities (must be combined with Modify entity properties privileges).
If you upgraded from 5.6 or earlier to 5.10, users who used to be able to modify logical IDs by virtue of their Modify entity properties privilege will no longer be able to, unless they were administrators or partition administrators in the old system.
- Modify password settings
- Allows the user to modify user password settings.
- Modify activity trail settings
- Allows the user to configure which activity types should be logged.
- Modify audio files
- Allows the user to modify audio files, and to add and delete custom ones.
- Modify incident categories
- Allows the user to add, modify, and delete incident categories.
- Modify enabled features
- Allows the user to enable and disable licensed features.
- View macro properties
- Allows the user to view macro properties.
NOTE: Only administrators can add, modify, and delete macros.
- Acknowledge alarms
- Allows the user to acknowledge alarms (this is not a new privilege).
- Forcibly acknowledge alarms
- Allows the user to forcibly acknowledge alarms that have an active condition attached.
Privileges that are no longer exclusive to administrators starting in 5.8
Starting in Security Center 5.8 GA, users no longer need to be members of the Administrators user group to perform the following actions.
- View threat levels
- Allows the user to view threat levels.
- Modify threat levels
- Allows the user to modify threat levels.
- Add threat levels
- Allows the user to add threat levels.
- Delete threat levels
- Allows the user to delete threat levels.
- Video
- Allows the user to run the Video task (this is not a new privilege).
- Archive transfer
- Allows the user to perform archive transfers from the Video task.
- Access control
- Allows the user to run the Access control task (this is not a new privilege).
- General settings
- Allows the user to view and modify access control configuration settings such as custom card formats and HID Mobile Access.
- Import tool
- Allows the user to launch the Import tool.
Privileges that remain exclusive to administrators
- Adding, modifying, and deleting macros.
- Creating generic event-to-actions (without a specific source entity).
- Running the Diagnostic data collector.