How can I create and manage users on my Director appliance?

Solution

Overview

What do the privilege levels of 1, 7, and 15 mean?

What are the default accounts on Director?

What are the default passwords for a Director appliance?

 

Cause
Resolution

The default accounts are sadmin, monitor, and admin, with each account having no password by default. Blue Coat recommends that the default admin account be used to administer Director. The monitor account, which also exists by default on Director, allows the user to view configuration changes to the system. The sadmin account is intended to allow users to manage content filtering policy. See Chapter 8 of the CMG guide for more information.


You can create other accounts with different privileges and require users to use one of those accounts instead of admin. (If you decide to create user accounts on Director, assign a password on the admin account to prevent users from logging on with full privileges.) The user accounts you create can be as secure as you want them, from no password to restricting users to one of the modes: Standard, Enable, or Configuration. Restricting users to one of the modes is called setting the privilege level.

All user accounts, by default, have all privileges.
If the privilege level is:

  • Privilege level 1: Standard mode only is available, meaning that you can view Director logs and the results of commands but you cannot change them. You cannot log into the Java UI in this mode.
  • Privilege level 7: Standard and Enable modes are available, meaning you can do one-time tasks, but cannot schedule repeating tasks or configure devices or device groups.
  • Privilege level 15 (the default): All three modes are available, including Configuration mode, the most powerful. You can schedule jobs, manage content, and manage users.

NOTE1: You can also make permanent changes to Director configuration. If the privilege level is changed during a session, the new privileges take effect immediately.

NOTE2: The username commands create local user accounts on Director only. They do not affect the accounts on remote authentication servers.

NOTE3: Director can use either the RADIUS or the TACACS+ authentication protocol. However, only RADIUS allows you to set the above-mentioned privilege levels.

NOTE4: Information in this article was taken from page 568 of the Director 5.5 administration manual.

 

Links to other articles:

For a list of the commands that can be executed with a delegated admin user ID, based on its privilege mode, see 000014764

For more details on how to implement the RADIUS protocol with a Cisco ACS server, see 000013365

For more details on how to implement the TACACS+ protocol with a Cisco ACS server, see FAQ2879

For details on the username CLI command, as well as other CLI commands, see 000014637

InQuira Doc Id: KB4759