Is it possible to restrict what a user can do on the interface?

Started by fredbloggs, March 25, 2016, 10:53:04 PM

Hi,

Am a newbie, but looking for a firewall that allows us to perform a few restrictions.

For example, whilst I obviously want a super-user god-like account to manage everything, I'd also like to be able to restrict what certain people can do in the web interface.

i.e. so that they can't change any details under Interfaces or add virtual IPs under Firewall. Even if I'm required to change a setting to make them temporarily available/hidden in the UI.

Going forwards, I guess a FR would be required to allow delegated administration to each component to grant the most flexibility.

Thanks
Mark

Look at groups and their permissions
System: Access: Groups - System Privileges


Thanks, I looked there but didn't notice the add roles, thought it was just for VPNs etc.

Just need to work out which are required (at present the user has some assigned) as I'm getting a "web page can't be found" error, http://10.3.3.201/.widget.php, unless I grant access to WebCfg - All pages, which then grants access to all pages and not just those desired.

Any ideas?

So the idea behind the system is: with both groups and users you can assign privileges. Groups are simply used to define reusable rules as you put it. The privileges are per page and some special cases like logins away from the GUI itself. You can find the privilege assignments in the group or user edit screen.

In order to get a viable dashboard user you need:

WebCfg - Dashboard (all)
WebCfg - Dashboard widgets (direct access)

The config deny privilege is also good for read-only access...

I must be missing something. As soon as I give someone those rights they have rights to everything.

Should I be able to give an account limited access without those?

Maybe you assigned the "admins" group to the user? When you create a new user and add the privileges, I can only see the firewall log and the dashboard in the menu (apart from the help links which don't require privileges).

If you can't seem to find the issue please run us through your user creation sequence and/or post screenshots.