Give Users Access to Security Monitoring Dashboards

Learn how to grant users access to the NGINX Management Suite Security Monitoring dashboards.

Overview

You can use NGINX Management Suite Security Monitoring to monitor NGINX App Protect WAF instances. The Security Monitoring analytics dashboards and security logs provide protection insights and help you analyze possible threats or identify opportunities to tune your security policies.

By completing the steps in this topic, you will create a role that gives users access to the Security Monitoring module and logs, and assign it to user accounts or groups.

Note:
The recommendations in this guide follow the principle of least privilege and do not grant users access to the Instance Manager module. You can create additional roles with custom modules, features, and permissions to suit your use case.

Before You Begin

Complete the following prerequisites before proceeding with this guide:

  • NGINX Management Suite Security Monitoring is installed and running.

  • Your user account needs to be able to access the User Management settings in NGINX Management Suite. The minimum required role permissions are:

    • Module: Settings
    • Feature: User Management
    • Access: READ, CREATE, UPDATE
  • Review the table below to determine the minimum permissions needed for your use case.

    Module(s) Feature(s) Access Description
    Instance Manager
    Security Monitoring
    Analytics
    Security Monitoring
    READ
    READ
    Read-only access that allows users to view the Security Monitoring dashboards. Users cannot access Instance Manager or Settings.
    Instance Manager
    Security Monitoring
    Settings
    Analytics
    Security Monitoring
    User Management
    READ
    READ
    CREATE, READ, UPDATE
    Allows users to view the Security Monitoring dashboards and manage user accounts and roles.

    Recommended for a “super-user” who is responsible for managing other users' access to the security dashboards. This permission set does not allow the user to delete user accounts.

Create a Role

To create a role for Security Monitoring, take the steps below.

  1. Open the NGINX Management Suite web interface and log in.

  2. Select the Settings (gear) icon in the upper-right corner.

  3. On the left navigation menu, select Roles.

  4. Select Create.

  5. On the Create Role form, provide the following details:

    • Name: a unique name to use for the role
    • Display name: an optional, user-friendly name to show for the role
    • Description: an optional, brief summary of what the role is
  6. Select Add Permission.

    • Add sets of permissions to allow access to the Security Monitoring, Instance Manager, and/or Settings features as appropriate. For each set, select the Module, Feature, and Access level desired, then select Save.
    • Repeat the Add Permissions step as many times as is needed to grant users access to different modules and features.
  7. Select Save to add the specified permissions to the role.

  8. Review the permissions, then select Save to create the role.

Assign the Role to Users

After you’ve created a role for Security Monitoring, assign the role to one or more users or to a user group.

To assign roles to one or more user accounts, take the following steps:

  1. Open the NGINX Management Suite web interface and log in.
  2. Select the Settings (gear) icon in the upper-right corner.
  3. On the left navigation menu, select Users.
  4. Select a user in the list or select Create to add a new user.
  5. Select Edit User.
  6. In the Roles list, select the role(s) that you want to assign to the user.
  7. Select Save to update the user.

To assign the role to a user group, take the following steps:

  1. Open the NGINX Management Suite web interface and log in.
  2. Select the Settings (gear) icon in the upper-right corner.
  3. Select User Groups.
  4. Select the user group from the list, or select Create to add a new user group.
  5. Select the Edit icon.
  6. In the Roles list, select the role(s) that you want to assign to the group.
  7. Select Save to update the user group.