Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Archive > 2017October30 - LEM Deletes > Add and control user groups

Add and control user groups

Created by Caroline Juszczak, last modified by Kevin.Swinson on Oct 30, 2017

Views: 15 Votes: 0 Revisions: 5

Use the Build > Users to add and delete users, edit user settings, and restrict LEM reports.

Create a new user

You can add a new user and their email address by completing the User Information form. This form records the individual settings for each user in your deployment. The manager uses the email addresses to notify a user when an assigned alert event occurs.

Beginning with LEM version 5.4, the Build > Users view integrates with Microsoft Active Directory. You can import domain users or groups to create LEM console users with domain credentials.

Before you import a new user into LEM, be sure their Active Directory account includes a valid email address so they can receive email messages based on your LEM??rules. After you import a user, you cannot change or add the email address for the LEM user account.

Create a new user in the console

  1. Verify that the email connector settings are configured properly in the manager.
  2. Click Build > Users.
  3. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/Button-Plus(Gray)_16x12.png and select New User.

    Click the Manager drop-down menu and select a manager for this user.

  4. Enter a user name for this user.

    You cannot use admin_role, audit_role, or reports_role for a user name.

  5. Enter the first and last name.
  6. Enter a user password to access the manager. This can be an initial system password or a temporary password that is assigned to replace a forgotten password.

    If the Must Meet Complexity Requirements check box is selected in the Manage > Appliance > Properties > Settings tab, the console enforces the following policy:

    • Passwords must have a minimum of six characters. Spaces are not allowed.
    • Passwords must have two of the following three attributes: at least one special character, at least one number, and a mix of lowercase and uppercase letters.
  7. Enter the password again in the Confirm Password field.
  8. Select a LEM role for this user.

    • Administrator has full access to the system, and can view and modify everything.
    • Auditor has extensive view rights to the system, but cannot modify anything other than their own filters.
    • Monitor can access the console, but cannot view or modify anything, and must be provided a set of filters.
    • Contact cannot access the console, but can receive external notification.
    • Guest has extensive view rights to the system, but cannot modify anything other than their own filters.
  9. Click View Role to open the Privileges form and view the privileges for the new user.

    These settings cannot be changed.

  10. Type a brief description (up to 50 characters) for the user title, position, or area of responsibility in the Description field.

  11. Add an email address in the Contact Information field so the manager can notify this user by email regarding network security events. You can add as many email addresses as required.
    1. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/Button-Plus_12x11.png and enter an email address in the field using the following format, and then click Save:

      username@yourdomain.com

    2. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/lem-ug-test-email-address.png to send a test email to the email address.
    3. Verify that the user received the email test message.

      If the message was not received, edit the email address or adjust the email connector settings in the manager. .

    4. Repeat step a through c to add additional email addresses.
  12. Click Save.

    The user is configured in the LEM.

Create a new user from an Active Directory user

  1. Open your LEM console and log in to your LEM appliance.
  2. Configure the Directory Service Query connector on your LEM appliance (if required).
  3. Click Build > Users.
  4. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/Button-Plus(Gray)_12x9.png and select Directory Service User.
  5. Select the Organizational Unit and Group where you want to add the user.
  6. Select the user you want to add from the Available Users column, and then click Select User.
  7. Select a LEM Role in the User Information form.

    Click View Role to see details about each role.

  8. Enter a user description.

    If you change the Description field, your changes apply to the LEM user account and not the Active Directory account.

  9. Click Save.

    The new user is created.

Create a new user from an Active Directory group

  1. Open your LEM console and authenticate to your LEM appliance.
  2. Configure the Directory Service Query connector on your LEM appliance (if required).
  3. Click Build > Users.
  4. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/Button-Plus(Gray)_13x10.png and select Directory Service Group.
  5. Select the Organizational Unit to which the group you want to add belongs.
  6. Select the group you want to add from the Available Groups column, and then click Select Group.
  7. Select a LEM Role in the User Information form.

    Click View Role to see details about each role.

    If you want members of this group to have different LEM user roles, change their roles after you complete this procedure.

  1. Enter a user description.

    The description only applies to the LEM user accounts and not the Active Directory accounts.

  2. Click Save.

    The user is created.

Edit user settings

You can update all user settings in the Build >??Users view. Only the description and role can be edited for Active Directory users.

  1. Click Build > Users.
  2. In the Users grid, click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/Button-Gear_18x15.png next to a user and select Edit.
  3. Update the user information in the User Information pane.

    To delete an email address, click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/Icon-DeleteEmail.png next to each email address you want to delete.

  4. Click Save.

    The user information is updated.

Delete a user from a manager

  1. Click Build > Users.
  2. In the Users grid, locate the user you want to delete.
  3. In the Users grid, click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/070/070/Button-Gear_18x15.png next to the targeted user and select Delete.

    You cannot delete the admin user from the system.

  4. When prompted, click Yes to confirm the delete.

    The user is removed from the Users list and is no longer authorized to use the manager.

Restrict LEM reports

Access to LEM reports is restricted by default. To run LEM reports for the first time, enable LEM manager to allow specific computers to run LEM reports or remove all LEM reports restrictions.

Configure LEM manager to allow specific computers to run LEM reports

  1. Log in to your LEM virtual appliance using either the vSphere console view or an SSH client (such as PuTTY).
  2. At the cmc> prompt, enter service.
  3. At the cmc::scm# prompt, enter restrictreports.
  4. Press Enter.
  5. Separate each IP address of the computers you want to run LEM Reports with a space.

    Ensure you provide a complete list, as your entry overrides any previous entries.

  6. Enter y to confirm your entry.
  7. Enter exit to return to the cmc> prompt.
  8. Enter exit to log out of your LEM virtual appliance.

Remove all report restrictions

  1. Log in to your LEM virtual appliance using either the vSphere console view, or an SSH client (such as PuTTY).
  2. At the cmc> prompt, enter service.
  3. At the cmc::scm# prompt, enter unrestrictreports.
  4. Press Enter.

    Unrestricting LEM reports enables any computer on your network to access the LEM database and run LEM reports.

  5. Enter exit to return to the cmc> prompt.
  6. Enter exit to log out of your LEM virtual appliance.
 
Last modified

Tags

This page has no custom tags.

Classifications

Public