Manage FireFlow users and roles

This section describes how to manage users and roles in FireFlow.

Manage FireFlow Users and Roles: Watch to learn about setting FireFlow permissions per role and user.

FireFlow users and roles

There are two types of users with roles in FireFlow:

  1. Privileged users: these have been created in AlgoSec Firewall Analyzer and take an active part in FireFlow's change request flow. For example, approving, rejecting or editing requests. Privileged users can be assigned one or more roles. If necessary, additional role types can be defined.

    Network operations

    Users with this role are responsible for processing requests, determining which device changes are required to meet the request, planning how to implement the necessary changes, and implementing the changes.

    Information Security

    Users with this role are responsible for determining whether the requested changes pose any risk, approving those changes, and performing auditing to ensure that all change requests are matched with implemented changes.

    FireFlow Administrator

    Users with this role can configure the FireFlow system and manage devices, groups of devices, and users in the system.

    Read-Only

    Users with this role can view the FireFlow interface, but cannot modify its contents or settings.

    Controller

    Users with this role are responsible for a second round of change request approval, called a review. This role is optional and used only in the Multi-Approval and Parallel-Approval workflows.

  1. Unprivileged users: These are created in AlgoSec FireFlow and are not AlgoSec Firewall Analyzer users. They can only create a new change request but not edit or take part in the change flow.

    Requestor

    Users with this role can send requests to the FireFlow system asking for a device change to be made. For example, a requestor who only has access to the company DMZ might request access from their computer to an internal LAN.

    Note: Requestors cannot be assigned additional roles.

 

User management procedures

The method used to add a user differs depending on which FireFlow role you intend to assign the user (and consequently, which actions the user has permission to perform). You can add, edit, and delete users as needed.

  • Administrator and other privileged users are managed in AFA. For details, see Manage privileged users.
  • Requestors are managed in FireFlow, either in the Web interface or directly in the Requestor Database. They are automatically assigned the requestor role. For details, see Manage requestors.

    Note: Adding requestors is only required if you want to allow use of the Requestors Web Interface. For more details, see FireFlow for requestors.

Additionally, ASMS provides the ability to authenticate users (as well as manage users and roles) using an authentication server or single sign on. For more details, see Configure user authentication.