Adding a User
To Add a user, perform the following steps:
-
From the Continuous Dynamic Portal menu, click Admin.
-
From the tabs displayed, select User Management.
-
Click Add User.
You must enter a Username/email, Primary client, and First and Last name. -
Type a Username/email in the text field provided.
-
Type a First name in the text field provided.
-
Type a Last name in the text field provided.
-
Select a Primary client from the drop down list.
-
Click Save to save all the information provided.
Assigning Roles and Assets
Until a user has been assigned to at least one role and asset, the user can navigate in the Portal but will see no data. A Group Administrator or Sentinel Administrator will need to edit the user to assign both at least one role and at least one asset before any data will be visible to the user.
To understand the available user roles, please see Understanding User Roles.
To Add or Edit user roles, perform the following steps:
-
From the main Portal menu, click Admin.
-
From the tabs displayed, select User Management.
-
Click on the user name to see the details for that user.
-
Click on Edit under Assigned Roles to add roles and the relevant associated groups or assets.
You will be able to add each desired role and the groups and assets associated with that role.
Role Assignment Priorities
If a user has one role with regard to a given asset, and is given another role for the same asset (e.g. for a group that includes that asset), only the higher-privileged role will be available for that user-asset combination.
For example: If user Jane Doe is assigned the role Developer for the asset-group Blue Assets, and is also assigned the role Sec-Ops Admin for the asset-group Red Assets, and the individual asset Violet is a member of both of those groups, then Jane Doe will have Sec-Ops Admin privileges for the asset Violet, even though she has only developer privileges for the other members of the asset-group Red Assets. The Sec-Ops Admin role has higher privileges than the Developer role.
The only exception to this rule is that— If a user has been assigned a SecOps Admin role for an asset, and then is made a Group Administrator for a Group that includes that asset, Or if a user has been assigned a Group Administrator role for an asset, and then is made a SecOps Admin for a Group that includes that asset, Then, in either case, the user will have the privileges of a Group Admin with regard to that asset, and in addition will have the ability (associated with the SecOps Admin role) to onboard an Application, whether they have had that privilege enabled as a Group Administrator or not. |
Individual Asset and Asset Group Assignment Priorities
If a user needs to have permissions for a specific individual asset but not have those permissions for the group of assets the individual asset is part of, the asset must be associated with the user and role before it is added to the asset group. If an asset is part of a group, then only the group can be associated with a user-role.
This works: |
---|
1. Create an individual Asset |
2. Assign the individual Asset to an Asset Group |
3. Assign the Asset Group to a User Role |
This works: |
---|
1. Create an individual Asset |
2. Assign the individual Asset to a User-Role |
3. Assign the Individual Asset to an Asset Group |
This does not work: |
---|
1. Create an individual Asset |
2. Assign the individual Asset to an Asset-Group |
3. Assign the individual Asset to a User-Role |
Assigning Assets and Roles
To Edit user roles, or assign assets perform the following steps:
-
Under Role, select the desired role from the dropdown list.
-
Select either Groups of Assets or Individual Assets.
-
To assign assets, select them in the Available box (to the left).
-
Click the right-arrow to move them to the Selected box (to the right).
-
Click Save, the user will be assigned that role for those assets. To assign both groups and individual assets, assign one type first, click Save, and then assign the second type and click Save again.
-
To remove an asset, use the left-arrow to move that asset from Selected to Available.
If an asset is part of a group that has been assigned to this user and role, it cannot be removed as an individual asset, in the Individual assets association type, assets that are part of a group will be shown grayed out. Asset Count will reflect all the assets in any assigned group as well as any individual assets. |
Assigning Single Assets
Assets may be assigned to no groups, one group, or multiple groups. Users may be assigned roles with respect to either individual assets or assets in a group. However, if a user has privileges for a group that contains a particular asset, that asset may not also be assigned to that user individually.
-
You may assign any given user any group or combination of groups.
-
You may assign any given user any asset not included in a group.
-
You may assign any given user both group(s) and assets not included in a group.
However, once an asset is assigned to a group, it cannot be associated with a user as an individual asset. It can only be assigned if the group of which it is a member is assigned.
Once you have assigned client(s) if any, role(s), and asset(s) to the user, you will see that information on the User Details screen: