- OS Support
- Enterprise Edition Reference Manual
- NXLog Manager
- NXLog Add-Ons
NXLog Manager has a sophisticated user and role management system which makes it possible to allow or deny access to certain features and/or resources such as reports or the log data itself.
The user management interface can be accesed by clicking on the USERS menu item under the ADMIN menu. The default installation has only the admin user. To add a new user, click on the Add User below the left panel as seen in the following screenshot.
The following dialog window will appear where the user’s details and credentials can be provided.
Make sure to toggle the Enable user checkbox. After clicking on Submit, the newly created user should appear in the list.
If the user is planned to manage certificates, it is recommended here one of ROLE_ADMINISTRATOR or ROLE_CERTIFICATE to be assigned immediately. This way the new user will receive his encryption key which is necessary to en(de)crypt certificates private keys (certificates encryption) if this encryption is enabled (encryption setting).
You can select the user in the list and click Edit. This lets you change the user information and user’s roles.
The assigned roles are shown in the second block in the right hand side. Click Edit to modify the user’s roles. The following fragment will appear:
Select the roles needed for this user. When all required roles are added, click Save. If ROLE_ADMINISTRATOR or ROLE_CERTIFICATE is assigned in this box, the application will ask for user’s password in order to generate his certificates encryption key. If the user is LDAP user, no password is required as in "Add user" dialog.
|By default the roles are with read-write permissions. To restrict certain roles to read-only, click once at the selected role.|
The role management interface can be accesed by clicking on the ROLES menu item under the ADMIN menu.
By default NXLog Manager comes with a built-in set of roles which are listed in the following screenshot on the left.
These built-in roles are as follows:
All functions are available to the user who has this role.
The AGENTS menu is not visible and the user may not configure, view or manage the agents without this role (or ROLE_ADMINISTRATOR).
The user may not access the PKI system (CERTIFICATES menu) and issue, modify or access certificates in any way without this role (or ROLE_ADMINISTRATOR).
The user may not create, modify or access any correlation rules and the CORRELATION menu without this role (or ROLE_ADMINISTRATOR).
The user may not create, modify or delete patterns without this role (or ROLE_ADMINISTRATOR).
This is a special role which denies any modification to the system by the user who has this.
The user may not access the user and role management system to create, modify or delete users and roles without this role (or ROLE_ADMINISTRATOR).
The above built-in roles may not be removed from the system.
It may be necessary to create special roles for more sophisticated access control Click Add role below the role list. The following dialog window will appear.
Click Submit after filling in the role’s name. It should appear in the list.