Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

User Roles

 

A user role defines the functions that a user can access in JSA.

During the installation, two default user roles are defined: Admin and All.

Before you add user accounts, you must create the user roles to meet the permission requirements of your users.

Creating a User Role

Create user roles to manage the functions that a user can access in JSA.

By default, your system provides a default administrative user role, which provides access to all areas of JSA. Users who are assigned an administrative user role cannot edit their own account. This restriction applies to the default Admin user role. Another administrative user must make any account changes.

  1. On the navigation menu (), click Admin.
  2. Click System Configuration >User Management>User Roles.
  3. On the toolbar, click New.
  4. In the User Role Name field, type a unique name for this user role.
  5. Select the permissions that you want to assign to the user role.

    Learn more about user role permissions:

    The permissions that are visible on the User Role Management window are dependent on which JSA components are installed.

    Table 1: Description of User Role Management window permissions

    Permission

    Description

    Admin

    Grants administrative access to the user interface. You can grant specific Admin permissions.

    Users with System Administrator permission can access all areas of the user interface. Users who have this access cannot edit other administrator accounts.

    Delegated Administration

    Grant users permissions to perform limited administrative functions. In a multi-tenant environment, tenant users with Delegated Administration permissions can see only data for their own tenant environment. If you assign other administrative permissions that are not part of Delegated Administration, tenant users can see data for all tenants.

    Offenses

    Grants the access to all the functions on the Offenses tab.

    User roles must have the Maintain Custom Rules permission to create and edit custom rules.

    Log Activity

    Grants access to functions in the Log Activity tab. You can also grant specific permissions:

    • Maintain Custom Rules - Grants permission to create or edit rules that are displayed on the Log Activity tab.

    • Manage Time Series - Grants permission to configure and view time series data charts.

    • User Defined Event Properties - Grants permission to create custom event properties.

    • View Custom Rules - Grants permission to view custom rules. If granted to a user role that does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.

    Assets

    Note: This permission is displayed only if JSA Vulnerability Manager is installed on your system.

    Grants access to the function in the Assets tab. You can grant specific permissions:

    • Perform VA Scans - Grants permission to complete vulnerability assessment scans. For more information about vulnerability assessment, see the Juniper Secure Analytics Managing Vulnerability Assessment Guide.

    • Remove Vulnerabilities - Grants permission to remove vulnerabilities from assets.

    • Server Discovery - Grants permission to discover servers.

    • View VA Data - Grants permission to vulnerability assessment data. For more information about vulnerability assessment, see the Juniper Secure Analytics Managing Vulnerability Assessment Guide.

    Network Activity

    Grants access to all the functions in the Network Activity tab. You can grant specific access to the following permissions:

    • Maintain Custom Rules - Grants permission to create or edit rules that are displayed on the Network Activity tab.

    • Manage Time Series - Grants permission to configure and view time series data charts.

    • User Defined Flow Properties - Grants permission to create custom flow properties.

    • View Custom Rules - Grants permission to view custom rules. If the user role does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.

    • View Flow Content - Grants permission to access to flow data.

    Reports

    Grants permission to access all of the functions on the Reports tab.

    • Distribute Reports via E-mail - Grants permission to distribute reports through e-mail.

    • Maintain Templates - Grants permission to edit report templates.

    Vulnerability Manager

    Grants permission to JSA Vulnerability Manager function. JSA Vulnerability Manager must be activated.

    For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

    IP Right Click Menu Extensions

    Grants permission to options added to the right-click menu.

    Platform Configuration

    Grants permission to Platform Configuration services.

    • Dismiss System Notifications - Grants permission to hide system notifications from the Messages tab.

    • View Reference Data - Grants permission to view reference data when it is available in search results.

    • View System Notifications - Grants permission to view system notifications from the Messages tab.

  6. In the Dashboards area, select the dashboards you want the user role to access, and click Add.Note

    A dashboard displays no information if the user role does not have permission to view dashboard data. If a user modifies the displayed dashboards, the defined dashboards for the user role appear at the next login.

  7. Click Save and close the User Role Management window.
  8. On the Admin tab menu, click Deploy Changes.

Editing a User Role

You can edit an existing role to change the permissions that are assigned to the role.

To quickly locate the user role you want to edit on the User Role Management window, you can type a role name in the Type to filter text box. This box is located above the left pane.

  1. On the navigation menu (), click Admin.
  2. Click System Configuration >User Management>User Roles.
  3. In the left pane of the User Role Management window, select the user role that you want to edit.
  4. In the right pane, update the permissions, as necessary.

    Learn more about user role permissions:

    The permissions that are visible on the User Role Management window are dependent on which JSA components are installed.

    Table 2: Description of User Role Management window permissions

    Permission

    Description

    Admin

    Grants administrative access to the user interface. You can grant specific Admin permissions.

    Users with System Administrator permission can access all areas of the user interface. Users who have this access cannot edit other administrator accounts.

    Delegated Administration

    Grant users permissions to perform limited administrative functions. In a multi-tenant environment, tenant users with Delegated Administration permissions can see only data for their own tenant environment. If you assign other administrative permissions that are not part of Delegated Administration, tenant users can see data for all tenants.

    Offenses

    Grants the access to all the functions on the Offenses tab.

    User roles must have the Maintain Custom Rules permission to create and edit custom rules.

    Log Activity

    Grants access to functions in the Log Activity tab. You can also grant specific permissions:

    • Maintain Custom Rules - Grants permission to create or edit rules that are displayed on the Log Activity tab.

    • Manage Time Series - Grants permission to configure and view time series data charts.

    • User Defined Event Properties - Grants permission to create custom event properties.

    • View Custom Rules - Grants permission to view custom rules. If granted to a user role that does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.

    Assets

    Note: This permission is displayed only if JSA Vulnerability Manager is installed on your system.

    Grants access to the function in the Assets tab. You can grant specific permissions:

    • Perform VA Scans - Grants permission to complete vulnerability assessment scans. For more information about vulnerability assessment, see the Juniper Secure Analytics Managing Vulnerability Assessment Guide.

    • Remove Vulnerabilities - Grants permission to remove vulnerabilities from assets.

    • Server Discovery - Grants permission to discover servers.

    • View VA Data - Grants permission to vulnerability assessment data. For more information about vulnerability assessment, see the Juniper Secure Analytics Managing Vulnerability Assessment Guide.

    Network Activity

    Grants access to all the functions in the Network Activity tab. You can grant specific access to the following permissions:

    • Maintain Custom Rules - Grants permission to create or edit rules that are displayed on the Network Activity tab.

    • Manage Time Series - Grants permission to configure and view time series data charts.

    • User Defined Flow Properties - Grants permission to create custom flow properties.

    • View Custom Rules - Grants permission to view custom rules. If the user role does not also have the Maintain Custom Rules permission, the user role cannot create or edit custom rules.

    • View Flow Content - Grants permission to access to flow data.

    Reports

    Grants permission to access all of the functions on the Reports tab.

    • Distribute Reports via E-mail - Grants permission to distribute reports through e-mail.

    • Maintain Templates - Grants permission to edit report templates.

    Vulnerability Manager

    Grants permission to JSA Vulnerability Manager function. JSA Vulnerability Manager must be activated.

    For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

    IP Right Click Menu Extensions

    Grants permission to options added to the right-click menu.

    Platform Configuration

    Grants permission to Platform Configuration services.

    • Dismiss System Notifications - Grants permission to hide system notifications from the Messages tab.

    • View Reference Data - Grants permission to view reference data when it is available in search results.

    • View System Notifications - Grants permission to view system notifications from the Messages tab.

  5. Modify the Dashboards options for the user role as required.
  6. Click Save.
  7. Close the User Role Management window.
  8. On the Admin tab menu, click Deploy Changes.

Deleting a User Role

If a user role is no longer required, you can delete the user role.

If user accounts are assigned to the user role you want to delete, you must reassign the user accounts to another user role. The system automatically detects this condition and prompts you to update the user accounts.

You can quickly locate the user role that you want to delete on the User Role Management window. Type a role name in the Type to filter text box, which is located above the left pane.

  1. On the navigation menu (), click Admin.
  2. Click System Configuration >User Management>User Roles.
  3. In the left pane of the User Role Management window, select the role that you want to delete.
  4. On the toolbar, click Delete.
  5. Click OK.
    • If user accounts are assigned to this user role, the Users are Assigned to this User Role window opens. Go to Step 7.

    • If no user accounts are assigned to this role, the user role is successfully deleted. Go to Step 8.

  6. Reassign the listed user accounts to another user role:
    1. From the User Role to assign list box, select a user role.

    2. Click Confirm.

  7. Close the User Role Management window.
  8. On the Admin tab menu, click Deploy Changes.