Symantec Web Security Service with multiples Service Users

book

Article ID: 171403

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Sometimes the customers need to add more than one Service User in Symantec Web Security Service (WSS). The use of one credential shared by more than one administrator is a security risk. Symantec recommends the use of Service User depending on the role needed. In that way, the Global Admin can control/trace the access and tasks made by those users in portal.threatpulse.com without sharing his credentials.

The Symantec Web Security Service allows Admin Users to add other user access to the portal and assign them privileges based on their role in the organization. Currently, there are three available roles.

  1. Admin: Full access to all portal pages and configuration 
  2. Report User: No access to service configurations. Full access to reporting. For example, you have a Human Resource employee who is tasked with tracking web use of employees who belong to a specific group, so you create a filter for location, subnet, or other criteria. Furthermore, you can limit the type of data that displays in reports. For example, the HR employee is not concerned with port or client IP address values, so you remove those fields from the role.
  3. Reviewer: A person, such as an outside security consultant, requires access to audit policies. In this role, they cannot add or change any configurations, and some pages are not viewable.

Only Admin Users can modify other Symantec Web Security Service users. For example, change the default role or temporarily disable a user's access. Also, Web Security Service Administrative Users are able to disable any provisioned user regardless of any use of a personal password.

Resolution

  1. In Service Mode, select the Account Maintenance > Users tab.         
  2. Click on Add user.
  3. Enter the new user's Name.
  4. Enter the user's Email address. The Web Security Services ends the user's access credentials to this address.
  5. Select Administrator as the Role. The Default Role option also automatically selects.
  6. You can also assign this user the Reporting role so that they can view the Web Security Service web use/security reports and dashboards.

  1. (Optional) Enter Comments to help you indicate additional user information, such as location, job description, and so on.
  2. Clicking Save adds the user. The Web Security Service sends an e-mail to that user.The mail includes the link to the service along with the initial access credentials.
  3. For the first log in this user will need to change the temporary password and add security answer. Others Personal Details will be requested.

Symantec strongly recommends limiting the number of Web Security Service users with administrative credentials. Depending on the size and complexity of your organization, you might have more than one user administering the different services (Content Filtering, Threat Protection, Web Application Controls) or possibly a user responsible different geographical locations. No matter how many Admin Role users exist, there is only one policy per Web Security Service customer account. If more than one administrator alters policy, they might unknowingly change policy created by another user. Have clear administration solution goals to minimize this possibility.

Attachments