59
edits
User Management: Difference between revisions
Jump to navigation
Jump to search
include 4.1 changes for permission management
Tom.Wegener (talk | contribs) (mention forgetting third party users) |
Tom.Wegener (talk | contribs) (include 4.1 changes for permission management) |
||
| Line 26: | Line 26: | ||
Only users with the '''admin''' role can: | Only users with the '''admin''' role can: | ||
* change system settings | * change system settings | ||
* manage users | * manage users | ||
* use | * configure storage settings | ||
* use webdav | |||
Beginning with firmware 3.5 roles can be created or deleted (except for '''admin'''). A role may have several permissions. Permissions are categorized in live view, replay view and 4-eyes authorization. For each category there is a list of permissions that are granted by this role. E.g. if only the permission 'pcap' is selected in live view, the role only allows performing capturing in the corresponding view. | Beginning with firmware 3.5 roles can be created or deleted (except for the '''admin''' role). A role may have several permissions. Permissions are categorized in live view, replay view and 4-eyes authorization. For each category there is a list of permissions that are granted by this role. E.g. if only the permission 'pcap' is selected in live view, the role only allows performing capturing in the corresponding view. | ||
Following permissions exist: | Following permissions exist: | ||
| Line 37: | Line 37: | ||
* '''all''': All permissions are granted. This contains all other permissions mentioned below. | * '''all''': All permissions are granted. This contains all other permissions mentioned below. | ||
* '''pcap''': Captures and Webshark access is permitted. | * '''pcap''': Captures and Webshark access is permitted. | ||
* '''voip''': Access to SIP and RTP statistics is permitted. | * '''voip''': Access to SIP and RTP statistics is permitted. (With version 4.1 this was split into the permissions rtp and sip) | ||
* '''other''': Access to everything else. | * '''other''': Access to everything else. | ||
* '''restart-analysis''': Allows restarting ring buffer analysis | * '''restart-analysis''': Allows restarting ring buffer analysis | ||
* '''pcap-analysis''': Allows starting and stopping a PCAP analysis. | * '''pcap-analysis''': Allows starting and stopping a PCAP analysis. | ||
With version 4.1 there is an additional permission setting restricting the capture functionality. To use this feature a restricting profile has to be set in the capture profile settings. | |||
Following pre defined roles exist: | Following pre defined roles exist: | ||
* '''users''': Users with this role can see all measurement data, but they are not able to change settings. | * '''admin''': with version 4.1 the admin role became editable. Per default this role has all permissions without restrictions. | ||
* '''capture''': Users with this role are able to start traffic captures. | |||
* '''replay-user''': Users can only view measurement data from replay slots (replay of ring buffer or pcap files). The user cannot see live data. | *'''users''': Users with this role can see all measurement data, but they are not able to change settings. | ||
* '''restart-analysis''': Users can restart already running ring buffer analyses, for example with different start and end time parameters. This is useful if the '''admin''' user wants to select which and when a ring buffer should be analyzed but still letting '''replay-user'''s to restart the analysis in case they want use a smaller time interval for faster/more detailed analysis. | *'''capture''': Users with this role are able to start traffic captures. | ||
*'''api-pcap-4-eyes-authorization''': This role requires an authorization for performing a PCAP from another user with ''' | *'''replay-user''': Users can only view measurement data from replay slots (replay of ring buffer or pcap files). The user cannot see live data. | ||
*'''api-voip-4-eyes-authorization''': This role requires an authorization for accessing SIP or RTP statistics pages from another user with ''' | *'''restart-analysis''': Users can restart already running ring buffer analyses, for example with different start and end time parameters. This is useful if the '''admin''' user wants to select which and when a ring buffer should be analyzed but still letting '''replay-user'''s to restart the analysis in case they want use a smaller time interval for faster/more detailed analysis. | ||
*'''api-pcap-4-eyes-authorization''': This role requires an authorization for performing a PCAP from another user with the '''pcap''' permission in any of the three categories. In the PCAP dialog a dropdown field is displayed where the user needs to select the other user who should grant the capture. The other user will get a popup dialog for granting or denying the PCAP download. | |||
*'''api-voip-4-eyes-authorization''': This role requires an authorization for accessing SIP or RTP statistics pages from another user with the '''sip''' or '''rtp''' (before the version 4.1 this was the voip permission) permissions in an category. On the page that requires authorization an indicator is displayed where the user needs to select the other user who should grant access to that page. The other user will get a popup dialog for granting or denying the access. | |||
These roles can be combined. For example, a user with the '''replay-user''' and '''capture''' role can only see replay data and can capture traffic from this data, but they cannot capture live data. | These roles can be combined. For example, a user with the '''replay-user''' and '''capture''' role can only see replay data and can capture traffic from this data, but they cannot capture live data. | ||