Managing user rights and usergroups
In syslog-ng Store Box (SSB), user rights can be assigned to usergroups. SSB has numerous usergroups defined by default, but custom user groups can be defined as well. Every group has a set of privileges: which pages of the SSB web interface it can access, and whether it can only view (read) or also modify (read & write/perform) those pages or perform certain actions.
Figure 77: AAA > Access Control — Managing SSB users
NOTE: Every group has either read or read & write/perform privileges to a set of pages.
The admin user is available by default and has all privileges, except that it cannot remotely access the shared logspaces. It is not possible to delete this user.
Assigning privileges to usergroups for the SSB web interface
This section describes how to assign privileges to a new group.
To assign privileges to a new group
-
Navigate to AAA > Access Control and click .
-
Find your usergroup. If you start typing the name of the group you are looking for, the autocomplete function will make finding your group easier for you.
-
Click located next to the name of the group. The list of available privileges is displayed.
-
Select the privileges (pages of the syslog-ng Store Box (SSB) interface) to which the group will have access and click Save.
NOTE: To export the configuration of SSB, the Export configuration privilege is required.
To import a configuration to SSB, the Import configuration privilege is required.
To update the firmware and set the active firmware, the Basic settings > System privilege is required.
-
Select the type of access (read or read & write) from the Type field.
-
Click .
Modifying group privileges
This section describes how to modify the privileges of an existing group.
To modify the privileges of an existing group
-
Navigate to AAA > Access Control.
-
Find the group you want to modify and click . The list of available privileges is displayed.
-
Select the privileges (pages of the syslog-ng Store Box (SSB) interface) to which the group will have access and click Save.
Figure 78: AAA > Access Control — Modifying group privileges
|
Caution:
Assigning the Search privilege to a user on the AAA page grants the user search access to every logspace, even if the user is not a member of the groups listed in the Access Control option of the particular logspace. |
-
Select the type of access (read or read & write) from the Type field.
-
Click .
Finding specific usergroups
The Filter ACLs section of the AAA > Access Control page provides you with a simple searching and filtering interface to search the names and privileges of usergroups.
Figure 79: AAA > Access Control — Finding specific usergroups
-
To select usergroups starting with a specific string, enter the beginning of the name of the group into the Group field and select Search.
-
To select usergroups who have a specific privilege, click , select the privilege or privileges you are looking for, and click Search.
-
To filter for read or write access, use the Type option.