You can add Unified Management privileges to an existing account, or create users specifically for this purpose. There are two user roles for Unified Management.
- Administrator (Unified Management) – This role has all permissions for all Carbon Black App Control features, including Configure Unified Management, enabled. The account you create for the initial configuration of the management server, and the account used for authentication when you add new client servers, must have this role. The the default admin account includes this role.
- User (Unified Management) – This role allows the user to view information in the Carbon Black App Control console, such as computers, events, and files, including information provided by other computers that are under Unified Management. It also allows creation, distribution, and modification of unified rules and single-sign-on access to client servers from the management server. It does not allow modification of the Unified Management configuration.
Note: In previous releases, each console user belonged to one group, and that group defined user permissions. In
Carbon Black App Control versions 8.0.0+, user roles replace groups. Although roles and groups define permissions in a similar way, you can assign more than one role to a user. Because the Administrator (Unified Management) role has all permissions, it is not necessary to give it any other roles. See
Managing Console Login Accounts for more details on role-based access control.
Each user account that uses Unified Management features must authenticate their connection to each client server when they log in for the first time.