Differences between Security Center 5.x and 5.7 privileges - Security Center 5.7 SR4

Security Center Installation and Upgrade Guide 5.7 SR4

Series: Security Center 5.7 SR4
Last revised: 2018-11-02

Beginning in Security Center 5.7 GA, most privileges that were reserved exclusively to administrators, such as adding users, can now be granted individually. Some actions that used to be covered under generic privileges, such as modifying logical IDs, now require specific privileges because they might affect the entire system.

Privileges that are no longer exclusive to administrators in 5.7

Starting in Security Center 5.7 GA, users no longer need to be members of the Administrators user group to perform the following actions.

Most new privileges are grouped under Administrative privileges > System management.
View network properties
Allows the user to view network properties (also grants access to the Network view task).
Modify network properties
Allows the user to modify network properties, and to add and delete network entities.
View partition properties
Allows the user to view partition properties (also grants access to the User management task).
Modify partition properties
Allows the user to modify partition properties.
Add partitions
Allows the user to add partitions.
Delete partitions
Allows the user to delete partitions.
View role properties
Allows the user to view role properties (also grants access to the System task, Roles view).
Modify role properties
Allows the user to modify role properties.
NOTE: If a role belongs to multiple partitions, changing any role property (for example, deactivating the role) affects all partitions, not just the ones the user has access to.
Add roles
Allows the user to add roles.
Delete roles
Allows the user to delete roles.
View server properties
Allows the user to view server properties (must be combined with the View network properties privilege).
Modify server properties
Allows the user to modify server properties.
Delete servers
Allows the user to delete servers.
View user group properties
Allows the user to view user group properties (also grants access to the User management task).
Modify user group properties
Allows the user to modify user group properties.
NOTE: Users can never grant privileges that they do not have. For example, a user cannot add a member to a user group if the user group has privileges that they do not have. If a privilege operation requires more privileges than the user has, the operation will be denied.
Add user groups
Allows the user to add user groups.
Delete user groups
Allows the user to delete user groups.
View user properties
Allows the user to view user properties (also grants access to the User management task).
Modify user properties
Allows the user to modify user properties.
Add users
Allows the user to add users.
Delete users
Allows the user to delete users.
View general settings
Allows the user to view general settings.
NOTE: All general settings have a system-wide scope, so exercise great care when making any changes.
Modify custom field definitions
Allows the user to add, modify, and delete custom field definitions and custom data types.
Modify custom events
Allows the user to add, modify, and delete custom events, and change event colors.
Modify event-to-actions
Allows the user to add, modify, and delete event-to-actions.

If you upgraded from 5.6 or earlier to 5.7, users who used to be able to modify event-to-actions by virtue of their System task privilege will no longer be able to, unless they are explicitly granted the Modify event-to-actions privilege in the new system.

Modify logical IDs
Allows the user to modify the logical ID of entities (must be combined with Modify entity properties privileges).

If you upgraded from 5.6 or earlier to 5.7, users who used to be able to modify logical IDs by virtue of their Modify entity properties privilege will no longer be able to, unless they were administrators or partition administrators in the old system.

Modify password settings
Allows the user to modify user password settings.
Modify activity trail settings
Allows the user to configure which activity types should be logged.
Modify audio files
Allows the user to modify audio files, and to add and delete custom ones.
Modify incident categories
Allows the user to add, modify, and delete incident categories.
Modify enabled features
Allows the user to enable and disable licensed features.
View macro properties
Allows the user to view macro properties.
NOTE: Only administrators can add, modify, and delete macros.
One new privilege is found under Action privileges > Alarms.
Acknowledge alarms
Allows the user to acknowledge alarms (this is not a new privilege).
Forcibly acknowledge alarms
Allows the user to forcibly acknowledge alarms that have an active condition attached.
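
The following is an added example, not part of the Security Center documentation or product. It audits a privilege export for the upgrade and combination rules described above, and checks the rule that users cannot grant privileges they do not have. The record layout and the is_admin and was_partition_admin fields are hypothetical, "Modify entity properties" stands in for the entity-specific modify privileges, and administrators are assumed to hold every privilege.

```python
# Privilege names come from the page; the record layout is a hypothetical export.
# 5.7 privilege -> the broader privilege that implied it in 5.6 or earlier
SPLIT_ON_UPGRADE = {
    "Modify event-to-actions": "System task",
    "Modify logical IDs": "Modify entity properties",
}
# Privileges that only work when combined with another one
MUST_COMBINE = {
    "View server properties": "View network properties",
    "Modify logical IDs": "Modify entity properties",
}

def audit_user(user):
    """Return sorted findings for one non-administrator user record."""
    if user.get("is_admin"):  # assumption: administrators hold every privilege
        return []
    privs, findings = set(user["privileges"]), []
    for new, old in SPLIT_ON_UPGRADE.items():
        # Former partition administrators keep the logical ID capability.
        kept = new == "Modify logical IDs" and user.get("was_partition_admin")
        if old in privs and new not in privs and not kept:
            findings.append(f"lost on upgrade: {new}")
    for priv, needed in MUST_COMBINE.items():
        if priv in privs and needed not in privs:
            findings.append(f"ineffective: {priv} requires {needed}")
    return sorted(findings)

def missing_to_delegate(actor_privs, group_privs):
    """Privileges the group confers that the actor lacks; non-empty means denied."""
    return sorted(set(group_privs) - set(actor_privs))

# Constructed sample records (not real accounts)
USERS = [
    {"name": "ops1", "privileges": ["System task", "View server properties"]},
    {"name": "tech1", "privileges": ["Modify entity properties"],
     "was_partition_admin": True},
    {"name": "tech2", "privileges": ["Modify entity properties"]},
    {"name": "root", "privileges": [], "is_admin": True},
]

if __name__ == "__main__":
    for u in USERS:
        for finding in audit_user(u):
            print(u["name"], "-", finding)
    print(missing_to_delegate(["Add users"], ["Add users", "Delete users"]))
```

Run it against the pre-upgrade privilege assignments to list the users who need Modify event-to-actions or Modify logical IDs granted explicitly after moving to 5.7.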

Privileges that remained exclusive to administrators

The following privileges remained exclusive to members of the Administrators user group.
  • Adding, modifying, and deleting macros.
  • Viewing, adding, modifying, and deleting threat levels.
  • Creating generic event-to-actions (without a specific source entity).
  • Configuring archive transfers (using the Archive transfer task).
  • Configuring the general settings from the Access control task (card request reasons, custom card format, and so on).
  • Running the Import tool.
  • Running the Diagnostic data collection tool.