11.11 User Configurations

You must have the user permission in order to work in the User Configuration window.

User configuration allows you to:

  • Create a User Account

  • Modify a User Account

  • View Details of a User Account

  • Clone a User Account

  • Delete a User Account

  • Terminate an Active Session

  • Add an iTRAC Role

  • Delete an iTRAC Role

  • View Details of an iTRAC Role

The installer will create the following default users on the Sentinel Server:

11.11.1 Oracle and Microsoft SQL 2005 Authentication:

  • esecdba: Schema owner (configurable at install time).

  • esecadm: Sentinel administrator user (configurable at install time).

    NOTE: For UNIX, the installer also creates the operating system user with the same user name and password.

  • esecrpt: Sentinel Reporter user; the password is the same as the admin user's.

  • ESEC_CORR: Sentinel Correlation Engine user, used to create incidents.

  • esecapp: Sentinel application username for connecting to the database.

11.11.2 Windows Authentication:

  • Sentinel DB Administrator: Schema owner (configurable at install time).

  • Sentinel Administrator: Sentinel administrator user (configurable at install time).

  • Sentinel Report User: Sentinel Reporter user; the password is the same as the admin user's.

  • Sentinel Application DB User: Sentinel application username for connecting to the database.

11.11.3 Opening the User Manager Window

To open the User Manager window:

  1. Click the Admin tab.

  2. Click Admin > User Configuration.

11.11.4 Creating a User Account

In order to meet stringent security configurations required by Common Criteria Certification, Sentinel requires a strong password with the following characteristics:

  • Select a password of at least 8 characters in length that includes at least one uppercase letter, one lowercase letter, one special symbol (!@#$%^&*()_+), and one numeral (0-9).

  • Your password should not contain your e-mail name or any part of your full name.

  • Your password should not be a common word. For example, it should not be a word in the dictionary or slang in common use.

  • Your password should not contain words from any language, because numerous password-cracking programs exist that can run through millions of possible word combinations in seconds.

  • You should select a password you can remember that is still complex. For example, Msi5!YOld (My Son is 5 years old) or IhliCf5#yN (I have lived in California for 5 years now).
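The rules above can be checked mechanically before an account is created. The following is an added example, not Sentinel code: the function names, the small word list standing in for a real dictionary, the character-substitution table, and the three-character minimum for name fragments are all assumptions.

```python
import re

SPECIAL = set("!@#$%^&*()_+")          # symbol set exactly as listed in the rule above
# Constructed stand-in for a real dictionary/slang word list (assumption).
COMMON_WORDS = {"password", "welcome", "sentinel", "dragon", "monkey", "letmein"}
# Undo common character substitutions before the word checks (assumption).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def name_fragments(full_name, email, min_len=3):
    """Lower-cased pieces of the full name and of the e-mail name (before the @)."""
    local = email.split("@", 1)[0].lower()
    pieces = re.split(r"[^a-z]+", full_name.lower()) + re.split(r"[^a-z]+", local)
    pieces.append(local)
    # Ignore very short pieces (initials) so they do not reject every password.
    return {p for p in pieces if len(p) >= min_len}


def check_password(password, full_name, email):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c in SPECIAL for c in password):
        problems.append("no special symbol")
    if not any("0" <= c <= "9" for c in password):
        problems.append("no numeral")
    # Compare both the literal and the de-substituted form, case-insensitively.
    forms = {password.lower(), password.lower().translate(LEET)}
    if any(frag in form for frag in name_fragments(full_name, email) for form in forms):
        problems.append("contains part of name or e-mail name")
    if any(word in form for word in COMMON_WORDS for form in forms):
        problems.append("contains a common word")
    return problems


if __name__ == "__main__":
    # Constructed user and candidate passwords; the first is the guide's own example.
    for pw in ("Msi5!YOld", "P@ssw0rd!", "Lopez#2024x", "short1!"):
        print(pw, "->", check_password(pw, "Maria Lopez", "mlopez@example.test") or "OK")
```

A password such as P@ssw0rd! satisfies every character-class rule and is rejected only by the word check, which is why the guide lists the dictionary and name rules separately from the composition rule.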

To use this feature, you must have the User Management user permission. User permissions are fairly detailed. For more information, see Sentinel Database Users, Roles, and Access Permissions in the Sentinel 6.1 Reference Guide.

Creating an LDAP User Account for Sentinel

NOTE: By default, the LDAP option is disabled. Configure the Sentinel 6.1 server as given in Configuring the Sentinel 6.1 Server for LDAP Authentication in the Sentinel 6.1 Installation Guide to enable this option.

  1. Select the Admin tab.

  2. Expand the User Configuration folder in the navigation tree.

  3. Select User Manager.

    The User Manager window is displayed.

  4. Click Add User or right-click any user and select Add User.

    The Add User window is displayed.

  5. In the Add user window, perform the following:

    1. Select LDAP for authentication.

    2. Specify the LDAP username based on the value you specified for the Anonymous searches on LDAP directory parameter while configuring LDAP authentication.

      • y: The User Name must be the same as the eDirectory username or Active Directory sAMAccountName.

      • n: The User Name need not be the same as the eDirectory username or Active Directory sAMAccountName.

    3. Click the drop-down arrow on the Security Filter drop-down list.

      The Filter Selection window is displayed that lists all the public filters.

      1. Select a filter, and click Select or click Add to create a filter, then select the new filter.

        After assigning a security filter to a user, you cannot delete that filter.

    4. Specify the fully qualified Distinguished Name of the LDAP user in the LDAP USER DN field. Do not leave the LDAP User DN field empty.

      For example, cn=sentinel_ldap_user,o=novell

      This field is available only if you have specified n for the Anonymous searches on LDAP directory parameter while configuring LDAP authentication. For more information, see LDAP Authentication in the Sentinel 6.1 Installation Guide.

      NOTE: If you opted to perform anonymous searches when you last ran the ldap_auth_config script, and you no longer want to perform anonymous searches:

      Run the ldap_auth_config script again, and specify n for Anonymous searches on LDAP directory. For each existing LDAP user, right-click and select User Details and specify the fully qualified DN of the LDAP user in the LDAP User DN field.

    5. (Optional) Under Details, specify the following:

      • First Name

      • Last Name

      • Department

      • Phone

      • Email

    6. Click the Permissions tab and assign user permissions. For more information about permissions, see Sentinel Control Center User Permissions in the Sentinel 6.1 Reference Guide.

    7. Click the Roles tab and select an iTRAC workflow role for the user. This affects what work items appear in the user’s work list.

    8. Click OK.

You can now log in to Sentinel Control Center and Sentinel Solution Designer using your LDAP username and password.

Creating a Database User Account for Sentinel

  1. Select the Admin tab.

  2. Expand the User Configuration folder in the navigation tree.

  3. Select User Manager.

    The User Manager window is displayed.

  4. Click Add User or right-click any user and select Add User.

  5. Under Authorization:

    • Select Local for Authentication.

    • Specify User Name.

    • Specify Password.

    • Confirm Password.

  6. For Security Filter, click the down arrow. The Filter Selection window displays and shows all public filters.

  7. Select a filter and click Select or click Add to create and then select a new filter.

    NOTE: After assigning a security filter to a user, you cannot delete that filter.

    (Optional) Under Details, specify:

    • First Name

    • Last Name

    • Department

    • Phone

    • Email

  8. Click the Permissions tab and assign user permissions.

  9. Click the Roles tab and select an iTRAC workflow role for the user.

  10. Click OK.

NOTE: Oracle does not allow the creation of users whose names match an Oracle reserved word. Sentinel likewise does not allow you to use these names.

Creating a Domain User Account for Sentinel

NOTE: The Domain option is enabled only if the Sentinel server is installed on a Windows platform.

  1. Select the Admin tab.

  2. Open the User Configuration folder.

  3. Open the User Manager window.

    Click Add a new User, or right-click any user and select Add User.

  4. Under Authorization:

    • Select Domain authentication.

    • Specify an existing User Name in the form Domain\Username.

  5. For Security Filter, click the down arrow. The Filter Selection window displays and shows all public filters.

  6. Select a filter and click Select or click Add to create and then select a new filter.

    NOTE: After assigning a security filter to a user, you cannot delete that filter.

    (Optional) Under Details, specify:

    • First Name

    • Last Name

    • Department

    • Phone

    • Email

  7. Click the Permissions tab and assign user permissions. For more information about permissions, see Sentinel Control Center User Permissions in Sentinel 6.1 Reference Guide.

  8. Click the Roles tab and select an iTRAC workflow role for the user. This affects what work items appear in the user’s work list.

  9. Click OK.

NOTE: Oracle does not allow the creation of users whose names match an Oracle reserved word. Sentinel likewise does not allow you to use these names.

11.11.5 Modifying a User Account

To use this feature, you must have the User Management permission.

NOTE: The Sentinel Database Administrator, Sentinel Administrator, Sentinel Application User, and Sentinel Report User are created during installation. For more information about changing passwords for these users, see Sentinel Accounts and Password Changes in the Sentinel 6.1 Reference Guide.

To modify a user account:

  1. Open the User Manager window.

  2. Double-click a user account or right-click > User Details.

  3. Modify the account.

  4. Click OK.

11.11.6 Viewing Details of a User Account

To use this feature, you must have the User Management permission.

To view user account details:

  1. Open the User Manager window.

  2. Double-click a user account or right-click > User Details.

    Review the details of the user account and close the window.

11.11.7 Cloning a User Account

To clone a user account:

  1. Open the User Manager window.

  2. Select a user account ID, right-click > Clone User.

    Change the user information and the user permissions.

    Click Save.

11.11.8 Deleting a User Account

To use this feature, you must have the User Management permission.

To delete a user account:

  1. Open the User Manager window.

  2. Select a user account ID, right-click > Delete User.

  3. A Delete box is displayed. Click Yes to delete the user.

11.11.9 Terminating an Active Session

To terminate an active session:

  1. Open the Active User Sessions window.

  2. Highlight an active session you want to terminate.

    Right click > Kill Session.

    You will be prompted for a termination message. This option is provided so that you can inform the user why you are killing the session.

    NOTE: If the client machine has multiple network interfaces, the IP address displayed in the Active User Sessions window might not be the desired IP address, because the window displays the non-loopback IP address of the first NetworkInterface returned by the system.

11.11.10 Adding an iTRAC Role

To add an iTRAC Role:

  1. Open the Role Manager window.

  2. Click Add a new Role,

    or right-click > Add New Role.

11.11.11 Deleting an iTRAC Role

To delete an iTRAC Role:

  1. Open the Role Manager window.

  2. Select a role, right-click > Delete Role.

11.11.12 Viewing Details of a Role

To view role details:

  1. Open the Role Manager window.

  2. Select a role, right-click > Role Details.