Administrative Users

An administrative user is a local or domain user account that has access to specific administrative or reporting functions on the ESM Console. Using role-based access control (RBAC), you can assign specific privileges and responsibilities to a role and then assign that role to one or more users who require the same access permissions.
rbac-users-expanded.png
As a best practice, create a separate administrative account for each person who needs access to the ESM Console. This provides better protection against unauthorized configuration (or modification) and enables logging of all actions for each individual administrator.
Use the ESM Console to assign administrative access to any of the following account types:
Account Type
Description
User
(Machine or domain authentication) Existing domain or local user account used to log into the ESM Console. The ESM Console authenticates the user in one of two ways:
  • Domain authentication—authenticates using the credentials stored in Active Directory.
  • Machine authentication—authenticates using the credentials stored on the local system on which the ESM Console is installed.
Group
(Domain authentication only) Extends administrative access to all members of a security group and uses the authentication credentials defined in Active Directory to authenticates the user.
Organizational Unit
(Domain authentication only) Extends administrative access to all members of an organizational unit and uses the authentication credentials defined in Active Directory to authenticates the user.
The ESM Console does not retain credentials for any administrative account. To change the credentials of an administrative account, you must modify them on the local machine if using machine authentication or in Active Directory if using domain authentication.

Related Documentation