Console security includes the following components:
Console users and administrators
Roles and permissions
By setting console security, you determine appropriate access, enforcing secure management of vulnerabilities across your enterprise. You ensure that the appropriate personnel can identify vulnerabilities and perform the necessary corrective actions.
A console user is any user who uses the Secure Configuration Manager console. Console users, including console administrators, need the appropriate roles or permissions to perform activities through Secure Configuration Manager. For example, ensure that each console user has the Access IT Assets permission to read reports or perform actions on endpoints in your asset map. For more information, see Section 3.5, Managing Roles and Section 3.6, Managing Permissions.
Each console user requires a Secure Configuration Manager account. You can use the Secure Configuration Manager database to authenticate the console user account or configure Secure Configuration Manager to use an external authentication source. For more information, see Section 3.3, Managing User Authentication.
A console administrator is a console user who has administrator permissions in Secure Configuration Manager. For example, you can create a console administrator by assigning the Administrators role to a console user. A console administrator is not required to be an administrator or super user on a specific endpoint or platform. You do not need to grant escalated permissions on remote systems that Secure Configuration Manager is monitoring.
Console administrators can perform the following console security activities:
Implement and modify external authentication
Implement and modify password policy
Reset console user and console administrator account passwords
Create console user accounts
Create, copy, and modify roles
Assign permissions to roles or console users
Console administrators can also perform actions and generate reports through Secure Configuration Manager.
To help ensure that users and administrators are assigned the appropriate permissions, you can audit all actions users perform in Secure Configuration Manager using the Audit History log. Audit History lets you view and export actions that console users and administrators perform, such as logging on and off, adding exceptions, and modifying policy templates. Identifying when users perform non-job related tasks in Secure Configuration Manager helps you assess user permissions and role membership. To view audit history, your console user account needs the View Audit History permission. For more information, see Section 3.6, Managing Permissions.