user_management
Differences
This shows you the differences between two versions of the page.
user_management [2019/10/02 11:07] – [List of permissions and its description] lucy | user_management [2021/09/07 12:57] (current) – lucysecurity | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Introduction ====== | ====== Introduction ====== | ||
- | |||
LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through that role, assignments acquire the computer permissions to perform particular LUCY functions. | LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through that role, assignments acquire the computer permissions to perform particular LUCY functions. | ||
Line 6: | Line 5: | ||
===== Where can you configure the user settings? ===== | ===== Where can you configure the user settings? ===== | ||
- | In LUCY you will find the user settings under "Settings/Users": | + | In LUCY you will find the user settings under **Settings** > **Administrative |
+ | |||
+ | {{ usr_mng_3.png? | ||
+ | |||
+ | ===== User Roles in Lucy ===== | ||
+ | |||
+ | There are four types of admin accounts in Lucy: | ||
+ | - Administrator | ||
+ | - User | ||
+ | - View | ||
+ | - Supervisor | ||
- | {{ usr_mng_3.png?600 }} | + | {{:user_roles.png?400|}} |
+ | **Please note** that there are also End Users accounts in Lucy that come as a part of End User Portal functionality and have no admin rights. This type of accounts is automatically created for the recipients that were assigned to awareness training. More info [[end_user_e-learning_portal|here]] | ||
===== Is there a limitation on how many users can access LUCY? ===== | ===== Is there a limitation on how many users can access LUCY? ===== | ||
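Review bot: The added role list (Administrator, User, View, Supervisor) does not match the section headings further down the page, where the third role is headed "View Only Users"; use one name for it in both places. Introducing all four as "admin accounts" is also confusing next to the note that End Users "have no admin rights", because the User and View roles are themselves restricted; "administrative user accounts" would read more accurately. In the End Users note, add the closing period, change "This type of accounts is" to "This type of account is", and give the link a descriptive label instead of "here". The product name appears as both "LUCY" and "Lucy" within this hunk; pick one.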
Line 19: | Line 29: | ||
===== What are the different user roles? ===== | ===== What are the different user roles? ===== | ||
+ | ==== Administrator ==== | ||
+ | |||
+ | An administrative account with full access and the highest priveleges. An administrator is capable of creating and deleting campaigns, managing all the custom data: recipients, clients, templates and etc. Administrator is also able to manage other administrative users' account data. You cannot segregate administrators in a way, that an admin A doesn' | ||
==== User ==== | ==== User ==== | ||
- | This user role created by the admin user can be given individual rights for each LUCY feature. The user can later be added to a specific | + | This user role can be used in order to separate control of Lucy content based on its affiliation with Clients. Users attributed |
+ | Please make sure to disable the user's permission " | ||
- | {{ usr_mng_1.png? | + | === Branches === |
- | {{ usr_mng1_2.png? | + | |
- | {{ usr_mng_2.png? | + | |
- | ==== Supervisor ==== | + | Starting from the 4.8 version [[client_setup# |
- | Maintain the overview with access | + | In order to manage client-related Administrative Users, Lucy allows |
- | {{ usr_mng_4.png?600 }} | + | In case a client has already predefined branches (under the Settings > Clients > Branches - more [[client_setup# |
- | You have the ability to define a supervisor who is able to START/STOP the campaign which was created by a user. To do so add a user to a campaign with all permissions selected, add his supervisor to the same campaign with " | + | {{:: |
- | ==== Administrators ==== | + | ===User permissions=== |
+ | This user role can be given individual rights for each LUCY feature. After filling out personal data for User account, one may choose various user permissions - that will define which data User will have access to and which Lucy functionality will be available for that account. | ||
- | The LUCY admin can save all settings within LUCY and run the campaign. This is the user that you need to perform your awareness | + | **Please Note** - **Clients** |
+ | In order to separate control of the data related | ||
+ | {{:: | ||
- | ==== View Only Users ==== | ||
- | |||
- | The View Only User can only see certain statistics of the campaign. This user cannot start/stop a campaign. The user also has no rights in viewing or changing any of the campaign settings. First, you need to create a client name. The client name is always associated with a campaign. Then you can associate that user with the client. As a result, the View Only User will only see all the campaigns which belong to that specific client. | ||
- | |||
- | {{ usr_mng_5.png? | ||
- | |||
- | Please make sure you also add the view only user to the specific campaign: | ||
- | {{ usr_mng_6.png? | + | === List of permissions and its description === |
- | ===== List of permissions and its description | + | |Access All Campaigns|Right to access campaigns. If you activate this checkbox, the user can access all campaigns, regardless of who created them. This permission overrides **Clients** and **Branches** attributes access policy.| |
- | |Access All Campaigns|Right to access campaigns. If you activate this checkbox, the user can access all campaigns, regardless of who created them.| | + | |
|Create/ | |Create/ | ||
- | |Save Campaign As Template|Right to save a campaign as a template. A campaign template can be used in the setup process when generating new campaigns.| | + | |Save Campaign As Template|Right to save a campaign as a template. A campaign template can be used in the setup process when generating new campaigns. | |
- | |Attack Templates|Access to the list of Attack Templates. Attack templates are predefined emails or websites which can be used for phishing simulations.| | + | |Attack Templates|Access to the list of Attack Templates. Attack templates are predefined emails or websites which can be used for phishing simulations. Affected by **Clients** and **Branches** attributes access policy.| |
- | |Campaign Templates|Access to the list of Campaign templates| | + | |Campaign Templates|Access to the list of Campaign templates. Affected by **Clients** and **Branches** attributes access policy.| |
- | |Awareness Templates|Access to the list of Awareness Templates. Awareness templates are used in training campaigns.| | + | |Awareness Templates|Access to the list of Awareness Templates. Awareness templates are used in training campaigns. Affected by **Clients** and **Branches** attributes access policy.| |
- | |File Templates|Access to the list of File Templates. File Templates are used for [[create_a_phishing_campaign_with_malware_simulations|file based attacks]].| | + | |File Templates|Access to the list of File Templates. Affected by **Clients** and **Branches** attributes access policy. File Templates are used for [[create_a_phishing_campaign_with_malware_simulations|file based attacks]].| |
- | |Not Found Template|Access to the LUCY [[not_found_pages_404|404]] page| | + | |Report Templates. Affected by **Clients** and **Branches** attributes access policy.|Access to the [[create_campaign_reports|Report Templates]]| |
- | |Report Templates|Access to the [[create_campaign_reports|Report Templates]]| | + | |
|Download Templates|Access to the menu of [[download_templates|Templates Downloading]]| | |Download Templates|Access to the menu of [[download_templates|Templates Downloading]]| | ||
|Clients|Access to the [[client_setup|Clients]] menu| | |Clients|Access to the [[client_setup|Clients]] menu| | ||
- | |Recipients|Access to the list of [[add_mail_recipients|Recipients]]. Recipients are the users that get attacked or trained.| | + | |Recipients|Access to the list of [[add_mail_recipients|Recipients]]. Recipients are the users that get attacked or trained. Affected by **Clients** and **Branches** attributes access policy.| |
|End Users|Access to the list of [[end_user_e-learning_portal|End Users]]| | |End Users|Access to the list of [[end_user_e-learning_portal|End Users]]| | ||
|User Management|Access to the [[user_management|User Management]]| | |User Management|Access to the [[user_management|User Management]]| | ||
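Review bot: In the permissions table, the added "Report Templates" row carries the sentence "Affected by **Clients** and **Branches** attributes access policy." in the first cell (the permission name) instead of the description cell, so the name no longer matches the other rows; move it to follow "Access to the [[create_campaign_reports|Report Templates]]". In the "File Templates" row the same sentence was inserted between the two sentences describing file templates and should come last, as it does in the neighbouring rows. Because "Access All Campaigns" is now documented as overriding the Clients and Branches access policy, the client-separation text in the "User" section should cross-reference this row so readers see that granting it removes the separation. Spelling in the added Administrator paragraph: "priveleges" should be "privileges", "and etc." should be "etc.", and the comma in "in a way, that" should go.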
Line 76: | Line 82: | ||
|Dynamic DNS|Access to Dynamic DNS feature.| | |Dynamic DNS|Access to Dynamic DNS feature.| | ||
|Automated Response Detection|Access to the [[response_detection|Automated Responce Detection]] menu| | |Automated Response Detection|Access to the [[response_detection|Automated Responce Detection]] menu| | ||
- | |Advanced | + | |Settings|Access to the [[advanced_settings|Advanced Settings]] including the abillity to customize the [[not_found_pages_404|404]] (not found page)| |
+ | |SMS Settings|An ability to set up Short Message Service (SMS) systems to send out text messages. LUCY has a build-in API that will connect to a centralized LUCY gateway when initializing SMS delivery. Please find more information [[smishing|here]]| | ||
|Performance Test|Access to the [[performance_tests|Performance Tests]]| | |Performance Test|Access to the [[performance_tests|Performance Tests]]| | ||
|Test email|Right to send a [[test_mail|test email]]| | |Test email|Right to send a [[test_mail|test email]]| | ||
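Review bot: The new "Settings" row folds customization of the 404 page into the same permission as Advanced Settings, while the separate "Not Found Template" row is removed earlier in this diff; the description should say plainly that anyone who needs to edit the 404 page now receives access to all advanced settings, so that the permission is not granted more widely than intended. The row is named "Settings" but its link label is still "Advanced Settings"; align the two. Spelling on the added lines: "abillity" should be "ability" and "build-in API" should be "built-in API". The "SMS Settings" row ends with a bare "here" link; name the target page and add the closing period.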
Line 87: | Line 94: | ||
|Manual|Access to LUCY manual. This is the WIKI page hosted on th LUCY server| | |Manual|Access to LUCY manual. This is the WIKI page hosted on th LUCY server| | ||
|Exports|Access to the [[export_campaign_data|exports]]| | |Exports|Access to the [[export_campaign_data|exports]]| | ||
- | |Invoices|Access to the Invoices. Invoices can be created inside LUCY as a receipt for purchases like domains, sms credits etc.| | + | |Invoices|Access to the [[invoices_and_balance_refill|Invoices]]. Invoices can be created inside LUCY as a receipt for purchases like domains, sms credits etc.| |
|Send Logs|Access to " | |Send Logs|Access to " | ||
|Service Logs|Access to the [[log_files_in_lucy|Service logs]]| | |Service Logs|Access to the [[log_files_in_lucy|Service logs]]| | ||
|Changelog|Access to the Changelog| | |Changelog|Access to the Changelog| | ||
|Mail Manager|Access to the [[mail_manager|Mail Manager]]| | |Mail Manager|Access to the [[mail_manager|Mail Manager]]| | ||
+ | |Tickets|Access to the Ticket system| | ||
+ | |||
+ | |||
+ | ==== Supervisor ==== | ||
+ | |||
+ | Maintain the overview with access to the campaign specifications. | ||
+ | |||
+ | {{ usr_mng_4.png? | ||
+ | |||
+ | You have the ability to define a supervisor who is able to START/STOP the campaign which was created by a user. To do so add a user to a campaign with all permissions selected, add his supervisor to the same campaign with " | ||
+ | |||
+ | |||
+ | |||
+ | ==== View Only Users ==== | ||
+ | |||
+ | The View Only User can only see certain statistics of the campaign. This user cannot start/stop a campaign. The user also has no rights in viewing or changing any of the campaign settings. First, you need to create a client name. The client name is always associated with a campaign. Then you can associate that user with the **Client** and **Branch**. As a result, the View Only User will only see all the campaigns which belong to that specific client. | ||
+ | |||
+ | {{ usr_mng_1.png? | ||
+ | |||
+ | Please make sure you also add the view only user to the specific campaign: | ||
+ | |||
+ | {{ usr_mng_6.png? | ||
+ | |||
===== How to convert users to LDAP-based? ===== | ===== How to convert users to LDAP-based? ===== | ||
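Review bot: The re-added "View Only Users" paragraph now says to associate the user with the **Client** and **Branch**, but its closing sentence still says the user will "only see all the campaigns which belong to that specific client"; state what the Branch assignment restricts, or the reader cannot tell whether branch-level separation applies to this role. The screenshot reference in this section changed from usr_mng_5.png to usr_mng_1.png, the image the old revision used in the "User" section; confirm it shows the view-only client assignment. The heading "View Only Users" should match the role name "View" used in the role list added near the top of the page. The "Tickets" row is the only added row without a link to a page describing the feature. While editing this table, "hosted on th LUCY server" in the unchanged "Manual" row could be corrected to "the".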
Line 103: | Line 133: | ||
===== Can I enforce a password policy or strong authentication? | ===== Can I enforce a password policy or strong authentication? | ||
- | Yes. It is possible to adjust password policy in the advanced settings. | + | Yes. It is possible to adjust |
Please find more [[password_policies_login_protection_strong_authentication|here]]. | Please find more [[password_policies_login_protection_strong_authentication|here]]. | ||
Line 109: | Line 139: | ||
===== Can I authenticate administrative users via SSO? ===== | ===== Can I authenticate administrative users via SSO? ===== | ||
- | Yes. It is possible | + | Yes. It is possible |
Line 116: | Line 146: | ||
To set up a multitenant capable administration, | To set up a multitenant capable administration, | ||
- | **Use case 1**: You create a campaign for your customer, but want to give your customer access to the statistics within the campaign. It must be ensured that the customer only sees his own data and cannot intervene in the campaign configuration. | + | **Use case 1**: You create a campaign for your customer but want to give your customer access to the statistics within the campaign. It must be ensured that the customer only sees his own data and cannot intervene in the campaign configuration. |
{{ rolebased_acces_view.png? | {{ rolebased_acces_view.png? | ||
Line 128: | Line 158: | ||
{{ rolebased_acces_view2.png? | {{ rolebased_acces_view2.png? | ||
- | **Solution use case 2:** You create an account with the status " | + | **Solution use case 2:** You create an account with the status " |
+ |
user_management.1570007233.txt.gz · Last modified: 2019/10/02 11:07 by lucy