OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: ccesario on June 11, 2019, 07:14:31 pm

Title: OPNSense GUI ACL
Post by: ccesario on June 11, 2019, 07:14:31 pm
Hi folks, I'm currently trying to restrict what a user can change through the OPNsense GUI.
I have created a new group and selected only the items that I would like to allow, in this case everything except the *interfaces* pages.

But this does not seem to work as expected, because I can still see and change these items.

Does anyone have an idea whether there is a problem with this?

Best regards


Below is the ACL from config.xml:

<group>
      <!-- Group "manager" (gid 2001): one priv element per granted GUI privilege.
           No privilege with "interfaces" in its name is listed, which matches the
           stated goal of allowing everything except the interfaces pages.
           NOTE(review): this fragment shows only this one group. Privileges assigned
           directly to the user, or inherited from any other group the user belongs to,
           are not visible here; presumably they add to this list, so check them too. -->
      <name>manager</name>
      <description>Managers</description>
      <gid>2001</gid>
      <priv>page-dashboard-all</priv>
      <priv>page-system-login-logout</priv>
      <priv>page-getserviceproviders</priv>
      <priv>page-getstats</priv>
      <priv>page-dashboard-widgets</priv>
      <priv>page-diagnostics-arptable</priv>
      <priv>page-diagnostics-authentication</priv>
      <!-- NOTE(review): judging by their names, the next three entries cover whole-configuration
           backup/restore, configuration history and factory reset. Access to the full
           configuration is presumably not limited by per-page privileges, so interface
           settings may remain changeable this way; confirm. -->
      <priv>page-diagnostics-backup-restore</priv>
      <priv>page-diagnostics-configurationhistory</priv>
      <priv>page-diagnostics-factorydefaults</priv>
      <priv>page-diagnostics-haltsystem</priv>
      <priv>page-diagnostics-limiter-info</priv>
      <priv>page-diagnostics-logs-dhcp</priv>
      <priv>page-diagnostics-logs-firewall-dynamic</priv>
      <priv>page-diagnostics-logs-firewall-plain</priv>
      <priv>page-diagnostics-logs-firewall-summary</priv>
      <priv>page-diagnostics-logs-gateways</priv>
      <priv>page-diagnostics-logs-settings</priv>
      <priv>page-diagnostics-logs-system</priv>
      <priv>page-diagnostics-ndptable</priv>
      <priv>page-diagnostics-netflow</priv>
      <priv>page-diagnostics-networkinsight</priv>
      <priv>page-diagnostics-packetcapture</priv>
      <priv>page-diagnostics-tables</priv>
      <priv>page-diagnostics-pf-info</priv>
      <priv>page-diagnostics-system-pftop</priv>
      <priv>page-diagnostics-ping</priv>
      <priv>page-diagnostics-rebootsystem</priv>
      <priv>page-diagnostics-resetstate</priv>
      <priv>page-diagnostics-routingtables</priv>
      <priv>page-diagnostics-showstates</priv>
      <priv>page-diagnostics-sockets</priv>
      <priv>page-diagnostics-statessummary</priv>
      <priv>page-diagnostics-system-activity</priv>
      <priv>page-diagnostics-health</priv>
      <priv>page-diagnostics-testport</priv>
      <priv>page-diagnostics-traceroute</priv>
      <priv>page-firewall-alias-edit</priv>
      <priv>page-firewall-aliases</priv>
      <priv>page-firewall-nat-1-1</priv>
      <priv>page-firewall-nat-1-1-edit</priv>
      <priv>page-firewall-nat-npt</priv>
      <priv>page-firewall-nat-npt-edit</priv>
      <priv>page-firewall-nat-outbound</priv>
      <priv>page-firewall-nat-outbound-edit</priv>
      <priv>page-firewall-nat-portforward</priv>
      <priv>page-firewall-nat-portforward-edit</priv>
      <priv>page-firewall-scrub</priv>
      <priv>page-firewall-rules</priv>
      <priv>page-firewall-rules-edit</priv>
      <priv>page-firewall-schedules</priv>
      <priv>page-firewall-schedules-edit</priv>
      <priv>page-firewall-trafficshaper</priv>
      <priv>user-proxy-auth</priv>
      <priv>page-services-captiveportal</priv>
      <priv>page-services-dhcprelay</priv>
      <priv>page-services-dhcpserver</priv>
      <priv>page-services-dhcpserver-editstaticmapping</priv>
      <priv>page-services-dhcpv6relay</priv>
      <priv>page-services-dhcpv6server</priv>
      <priv>page-services-dhcpserverv6-editstaticmapping</priv>
      <priv>page-services-opendns</priv>
      <priv>page-services-dnsforwarder-editdomainoverride</priv>
      <priv>page-services-dnsforwarder-edithost</priv>
      <priv>page-diagnostics-logs-dnsmasq</priv>
      <priv>page-services-dnsforwarder</priv>
      <priv>page-services-dynamicdnsclients</priv>
      <priv>page-services-ids</priv>
      <priv>page-services-ntpd</priv>
      <priv>page-services-proxy</priv>
      <priv>page-services-router-advertisements</priv>
      <priv>page-services-dnsresolver-acls</priv>
      <priv>page-services-dnsresolver-advanced</priv>
      <priv>page-services-dnsresolver-editdomainoverride</priv>
      <priv>page-services-dnsresolver-edithost</priv>
      <priv>page-services-dnsresolver</priv>
      <priv>page-diagnostics-logs-resolver</priv>
      <priv>page-status-carp</priv>
      <priv>page-status-dhcpleases</priv>
      <priv>page-status-dhcpv6leases</priv>
      <priv>page-status-habackup</priv>
      <priv>page-status-ipsec</priv>
      <priv>page-status-ipsec-leases</priv>
      <priv>page-status-ipsec-sad</priv>
      <priv>page-status-ipsec-spd</priv>
      <priv>page-status-ntp</priv>
      <priv>page-services-ntp-gps</priv>
      <priv>page-services-ntp-pps</priv>
      <priv>page-status-openvpn</priv>
      <priv>page-status-services</priv>
      <priv>page-status-systemlogs-portalauth</priv>
      <priv>page-status-systemlogs-ppp</priv>
      <priv>page-status-systemlogs-ipsecvpn</priv>
      <priv>page-status-systemlogs-ntpd</priv>
      <priv>page-status-systemlogs-openvpn</priv>
      <priv>page-status-systemlogs-routing</priv>
      <priv>page-status-systemlogs-wireless</priv>
      <priv>page-status-trafficgraph</priv>
      <priv>page-diagnostics-wirelessstatus</priv>
      <priv>page-wizard-system</priv>
      <priv>page-system-advanced-admin</priv>
      <priv>page-system-advanced-firewall</priv>
      <priv>page-system-advanced-misc</priv>
      <priv>page-system-advanced-network</priv>
      <priv>page-system-advanced-sysctl</priv>
      <priv>page-system-authservers</priv>
      <priv>page-system-camanager</priv>
      <priv>page-system-certmanager</priv>
      <priv>page-diagnostics-crash-reporter</priv>
      <priv>page-system-crlmanager</priv>
      <priv>page-system-firmware-manualupdate</priv>
      <priv>page-system-gatewaygroups</priv>
      <priv>page-system-generalsetup</priv>
      <!-- NOTE(review): the group manager and "addprivs" entries look like they let a member
           edit groups and their privilege lists, including this group's own list. If so,
           the restriction can be undone by any member; least privilege would leave these
           out for a restricted role. Confirm. -->
      <priv>page-system-groupmanager</priv>
      <priv>page-system-groupmanager-addprivs</priv>
      <priv>page-system-hasync</priv>
      <priv>page-system-license</priv>
      <priv>page-system-cron</priv>
      <priv>page-system-staticroutes</priv>
      <!-- NOTE(review): same concern as for the group manager entries: by name these cover
           user management, per-user privilege assignment and password management. Confirm. -->
      <priv>page-system-usermanager</priv>
      <priv>page-system-usermanager-addprivs</priv>
      <priv>page-system-usermanager-passwordmg</priv>
      <priv>page-vpn-ipsec</priv>
      <priv>page-vpn-ipsec-editphase1</priv>
      <priv>page-vpn-ipsec-editphase2</priv>
      <priv>page-vpn-ipsec-editkeys</priv>
      <priv>page-vpn-ipsec-mobile</priv>
      <priv>page-vpn-ipsec-listkeys</priv>
      <priv>page-openvpn-client</priv>
      <priv>page-openvpn-client-export</priv>
      <priv>page-openvpn-csc</priv>
      <priv>page-openvpn-server</priv>
      <priv>page-services-monit</priv>
      <!-- NOTE(review): presumably grants the XMLRPC interface, which is normally reserved for
           configuration synchronisation rather than interactive users; confirm it is needed. -->
      <priv>page-xmlrpclibrary</priv>
      <!-- Sole member of the group; 2001 is presumably the user's id. Verify against the
           user entries in config.xml. -->
      <member>2001</member>
    </group>


Title: Re: OPNSense GUI ACL
Post by: ccesario on June 12, 2019, 04:38:54 pm
Hi Folks,
Any tip about this issue?

Regards
Carlos