Documentation forSecurity Event Manager

Users view on the SEM Console

To open the Users view, navigate to Build > Users on the SEM menu bar. Use this view to manage SEM user system accounts.

This topic provides page-level help for the Users view on the SEM Console.

See also: Manage users in SEM

The following example shows the Users view on the SEM Console.

Users view main page elements

This section describes the main elements in the Users view.

Name Description

Refine Results

Filters the Users grid based on your selections.

Users grid

Displays all users associated with each Manager throughout your network.

Click to add a user or import a user from Active Directory.

User Information for:

Displays information about the user selected in the Users grid. The form is read-only unless you are adding or editing a user.

The Users grid

By default, the Users grid displays all users configured for all Managers monitored by the console. Use the Refine Results form to filter the contents of the grid.

Column Description

Click to edit or delete the user account.


The user login status. Indicates if the user is currently logged in to the console.

indicates the user is logged in to the console.

indicates the user is not logged in to the console.

User/Group Name

The account name used to log in to SEM Manager.

Type Indicates if the user account is a local SEM user account, or a Directory Service (DS) account that is synchronized with Active Directory.

First Name

The user's first name.

Last Name

The user's last name.

SEM Role

The SEM role type assigned to the user. There are six role types: Administrator, Auditor, Monitor, Contact, Guest, and Reports.


A brief description of the user’s job function or responsibility.


The SEM Manager where the user account is located.

Last Login

Timestamp showing the time and date that the user last logged in to the system.

The Refine Results form

By default, the Users grid shows all users across all SEM Managers. Use the Refine Results sidebar to limit the number of users displayed in the grid.

Field Description


Click to return the grid and the form to their default settings.


Select a SEM Manager instance to view only the user accounts located on the selected instance.

SEM Role

Select a role type to view only users that match that role type. By default, the grid displays results for all SEM role types.

Last Login Date Range

Enter a start date and end date to view users who last logged in during the specified date range.

The User Information for form

Field Description
User Name Enter a user account name. You cannot use admin_role, audit_role, or reports_role for the user name.
First Name Enter the user's first name.
Last Name Enter the user's last name.

Enter a user password to access the Manager. This can be an initial system password or a temporary password that is assigned to replace a forgotten password.

If you are creating a Contact user, a password is not required.

If the Must Meet Complexity Requirements check box is selected in the Manage > Appliance > Properties > Settings tab, the console enforces the following policy:

  • Passwords must have a minimum of six characters. Spaces are not allowed.
  • Passwords must have two of the following three attributes: at least one special character, at least one number, and a mix of lowercase and uppercase letters.
Confirm Password Enter the password again.
SEM Role

Select a SEM role for this user.

  • Administrator - Has full access to the system, and can view and modify everything.
  • Auditor has extensive view rights to the system, but cannot modify anything other than their own filters.
  • Monitor - Can access the console, cannot view or modify anything, and must be provided a set of filters. See "Specify the filters that users assigned the Monitor role can use on the SEM Console" on page 129 for steps.
  • Contact - Cannot access the console, but can receive external notification.
  • Guest - Has extensive view rights to the system, but cannot modify anything other than their own filters.
  • Reports - Cannot log in to the SEM console, but can log in to the SEM reports application. This role can access the SEM database over a secure channel if TLS encryption is enabled. See "Enable transport layer security (TLS) in the SEM reports application" on page 78 for details
View Role Click to open the role privileges assigned to the new user. Role privileges cannot be changed.
Description Type a brief description (up to 50 characters). For example, provide the user title, position, or area of responsibility.
Contact Information

Enter an email address. SEM Manager notifies users by email about network security events. You can add as many email addresses as required.

  1. To add the address to the Contact Information box, type an email address, and then click . Use the following format:
  2. To send a test email to the email address, click Save, and then click .
  3. Verify that the user received the email test message
  4. Repeat these steps to add additional email addresses.

The Privileges screen

The Privileges screen provides details about the access, modify, and audit rights that are granted to each SEM role type. This information is read-only and cannot be changed. See also Add SEM users