User Guide
CHAPTER
32-1
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
32
Distributing Administrative Tasks
• Working with User Accounts, page 32-1
• Managing Custom User Roles for Delegated Administration, page 32-7
• Passwords, page 32-16
• Configuring Access to the Email Security Appliance, page 32-24
• Managing Secure Shell (SSH) Keys, page 32-28
• Viewing Active Administrator Sessions, page 32-30
Working with User Accounts
The Cisco appliance provides two methods for adding user accounts: creating user accounts on the Cisco
appliances itself, and enabling user authentication using your own centralized authentication system,
which can be either an LDAP or RADIUS directory. You can manage users and connections to external
authentication sources on the System Administration > Users page in the GUI (or by using the
userconfig command in the CLI). For information about using an external directory to authenticate
users, see External Authentication, page 32-20.
The default user account for the system, admin, has all administrative privileges. The admin user account
cannot be deleted, but you can change the password and lock the account.
When you create a new user account, you assign the user to a predefined or a custom user role. Each role
contains differing levels of permissions within the system.
Although there is no limit to the number of user accounts that you can create on the appliance, you cannot
create user accounts with names that are reserved by the system. For example, you cannot create the user
accounts named “operator” or “root.”