340
edits
User Management: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 17: | Line 17: | ||
:* It is not possible to delete or disable the currently logged in user. | :* It is not possible to delete or disable the currently logged in user. | ||
=== Roles === | === Roles and permissions === | ||
Multiple roles can be defined per user to allow different permissions. | Multiple roles can be defined per user to allow different permissions. | ||
| Line 28: | Line 28: | ||
* use WebDAV | * use WebDAV | ||
Beginning with firmware 3.5 roles can be created or deleted (except for '''admin'''). A role may have several permissions. Permissions are categorized in live view, replay view and 4-eyes authorization. For each category there is a list of permissions that are granted by this role. E.g. if only the permission 'pcap' is selected in live view, the role only allows performing capturing in the corresponding view. | |||
Following permissions exist: | |||
* all: All permissions are granted. This contains all other permissions mentioned below. | |||
* pcap: Captures and Webshark access is permitted. | |||
* voip: Access to SIP and RTP statistics is permitted. | |||
* other: Access to everything else. | |||
Following pre defined roles exist: | |||
Users with '''api-pcap-4-eyes-authorization''' role | * '''users''': Users with this role can see all measurement data, but they are not able to change settings. | ||
* '''capture''': Users with this role are able to start traffic captures. | |||
* '''replay-user''': Users can only view measurement data from replay slots (replay of ring buffer or pcap files). The user cannot see live data. | |||
* '''restart-analysis''': Users can restart already running ring buffer analyses, for example with different start and end time parameters. This is useful if the '''admin''' user wants to select which and when a ring buffer should be analyzed but still letting '''replay-user'''s to restart the analysis in case they want use a smaller time interval for faster/more detailed analysis. | |||
*'''api-pcap-4-eyes-authorization''': This role requires an authorization for performing a PCAP from another user with '''admin''', '''capture''' or '''api-pcap-4-eyes-authorization''' role. In the PCAP dialog a dropdown field is displayed where the user needs to select the other user who should grant the capture. The other user will get a popup dialog for granting or denying the PCAP download. | |||
*'''api-voip-4-eyes-authorization''': This role requires an authorization for accessing SIP or RTP statistics pages from another user with '''admin''' or '''api-voip-4-eyes-authorization''' role. On the page that requires authorization an indicator is displayed where the user needs to select the other user who should grant access to that page. The other user will get a popup dialog for granting or denying the access. | |||
These roles can be combined. For example, a user with the '''replay-user''' and '''capture''' role can only see replay data and can capture traffic from this data, but they cannot capture live data. | |||
These roles can be combined. For example, a user with the '''replay-user''' and '''capture''' | |||
=== LDAP users === | === LDAP users === | ||