Solutions

How can I create, and manage users on my Director appliance?

Solutions ID:    KB4759
Version:    4.0
Status:    Published
Published date:    11/18/2011
Updated:    02/07/2014
 

Problem Description

What do the privilege levels of 1, 7  and15 mean?

What are the default accounts on Director?

What are the default passwords for a Director appliance?

 

Resolution

The default accounts are sadmin, monitor, and admin, with each account having no password by default. Blue Coat recommends that the default admin account be
used to administer Director. Another account, monitor, exists by default on Director which allows the user to view configuration changes to the system. sadmin intended to allow users to manage content filtering policy. See Chapter 8 of the CMG guide for more information.


You can create other accounts with different privileges and require users to use one of those accounts instead of admin. (If you decide to create user accounts on Director, assign a password on the admin account to prevent users from logging on with full privileges.) The user accounts you create can be as secure as you want them, from no password to restricting users to one of the modes: Standard, Enable, or Configuration. Restricting users to one of the modes is called setting the privilege level.

All user accounts, by default, have all privileges.
If the privilege level is:

  • Privilege level 1 Standard mode only is available, meaning that you can view Director logs and the results of commands but you cannot change them. You cannot log into the JAVA UI in this mode.
  • Privilege level 7 Standard and Enable modes are available, meaning you can do one-time
    tasks, but cannot schedule repeating tasks or configure devices or device
    groups.
  • Privilege level15 (the default): All three modes are available, including Configuration mode, the most powerful. You can schedule jobs, manage content, and manage users.

NOTE1: You can also make permanent changes to Director configuration. If the privilege level is changed during a session, the new privileges take effect
immediately.

NOTE2: The username commands create local user accounts on Director only. They do not affect the accounts on remote authentication servers.

NOTE3: Director can user either Radius, or TACACS+ authentication protocols.  However, only Radius allows you to set the above mentioned privilege levels.

NOTE4: Information in this article was taken from page 568 of the Director 5.5 administration manual.

 

Links to other articles:

For a list of what commands can be executed with an delegated admin user id, bnased on their  priviledge mode, see FAQ1626

For more details on how to implement the RADIUS protocol with a Cisco ACS server, see FAQ2878

For more details on how to implement the TACACS+ protocol with a Cisco ACS server, see FAQ2879

For details on the username CLI command, as well as other CLI commands, see KB4178


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question