Manage FireFlow users and roles

This section describes how to manage users and roles in FireFlow.

Manage FireFlow Users and Roles: Watch to learn about setting FireFlow permissions per role and user.

FireFlow users and roles

The FireFlow change request lifecycle involves multiple users, each of which is assigned one or more of the following roles:

Requestor

Users with this role can send requests to the FireFlow system asking for a device change to be made. For example, a requestor who only has access to the company DMZ might request access from their computer to an internal LAN.

Note: Requestors cannot be assigned additional roles.

Network operations

Users with this role are responsible for processing the requestor's request, determining which device changes are required to meet the request, planning how to implement the necessary changes, and implementing the changes.

Information Security

Users with this role are responsible for determining whether the requested changes pose any risk, approving those changes, and performing auditing to ensure that all change requests are matched with implemented changes.

FireFlow Administrator

Users with this role can configure the FireFlow system and manage devices, groups of devices, and users in the system.

Read-Only

Users with this role can view the FireFlow interface, but cannot modify its contents or settings.

Controller

Users with this role are responsible for a second round of change request approval, called a review. This role is optional and used only in the Multi-Approval and Parallel-Approval workflows.

If necessary, additional roles can be defined.

Users with roles other than "requestor" are called privileged users.

Back to top

User management procedures

The method used to add a user differs depending on which FireFlow role you intend to assign the user (and consequently, which actions the user has permission to perform). You can add, edit, and delete users as needed.

  • Administrator and other privileged users are managed in AFA. For details, see Manage privileged users.

  • Requestors are managed in FireFlow, either in the Web interface or directly in the Requestor Database. They are automatically assigned the requestor role. For details, see Manage requestors.

    Note: Adding requestors is only required if you want to allow use of the Requestors Web Interface. For more details, see FireFlow for requestors.

Additionally, ASMS provides the ability to authenticate users (as well as manage users and roles) using an authentication server or single sign on. For more details, see Configure user authentication.

Back to top