Since Airlock 4.2, the Airlock Configuration Center uses role-based access control (RBAC).
To add a new administrator or edit an existing user, log in via SSH as root and call the airlock-user-manager script (for Airlock 4.2, use UserManager) as shown here:
root@airlock:/ # airlock-user-manager
For Airlock 4.2, use the following command instead:
root@airlock:/ # UserManager
Then follow the instructions on the screen.
Do not forget to save the new user settings after configuring the roles. To save, go back (choose "b") to the start page and choose "s" for save.
The customized users are not part of the Airlock configuration file, so they must be backed up separately by saving the following three files:
/opt/airlock/custom-settings/mgt-auth/password.properties
/opt/airlock/custom-settings/mgt-auth/roles.properties
/opt/airlock/custom-settings/mgt-auth/assertion_key.properties
For Airlock 4.2 the following files are relevant:
/airlock/management/gui/auth/password.properties
/airlock/management/gui/auth/roles.properties
/airlock/management/gui/auth/assertion_key.properties
After an upgrade, just replace the existing files with the three backup files.
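The backup and restore steps described above, as a shell sketch added here (it is not part of the original article or of the vendor tooling). It assumes tar and sha256sum are available on the appliance; the function names and the backup directory are hypothetical.

```shell
#!/bin/sh
# Added example: back up and restore the three Configuration Center user files.
# Assumptions: tar and sha256sum exist on the appliance; function names and
# the destination directory are hypothetical.
# Usage: backup_mgt_auth /opt/airlock/custom-settings/mgt-auth /root/mgt-auth-backup

AUTH_FILES="password.properties roles.properties assertion_key.properties"

# backup_mgt_auth <auth-dir> <dest-dir>: prints the archive path on success.
backup_mgt_auth() {
    src=$1; dest=$2
    # Refuse a partial backup: all three files must be present.
    for f in $AUTH_FILES; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    archive="$dest/mgt-auth-$(date +%Y%m%d-%H%M%S).tar"
    # umask 077: the files hold password data and the assertion key, so the
    # archive and manifest must be readable by the owner only.
    # $AUTH_FILES is left unquoted on purpose (three fixed names, no spaces).
    (
        umask 077
        mkdir -p "$dest" &&
        tar -cf "$archive" -C "$src" $AUTH_FILES &&
        (cd "$src" && sha256sum $AUTH_FILES) > "$archive.sha256"
    ) || return 1
    echo "$archive"
}

# restore_mgt_auth <archive> <auth-dir>: checks the archive against its
# manifest in a private staging directory, then replaces the existing files.
restore_mgt_auth() {
    archive=$1; target=$2
    stage=$(mktemp -d) || return 1
    tar -xf "$archive" -C "$stage" &&
        (cd "$stage" && sha256sum -c - >/dev/null 2>&1) < "$archive.sha256" ||
        { rm -rf "$stage"; echo "verification failed: $archive" >&2; return 1; }
    for f in $AUTH_FILES; do
        cp -p "$stage/$f" "$target/$f" || { rm -rf "$stage"; return 1; }
    done
    rm -rf "$stage"
}
```

Keep the archive and its .sha256 manifest off the appliance, with the same access restrictions as the original files.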
Actions (Execute) | airlock-supervisor | airlock-auditor | airlock-administrator | airlock-app-admin |
Log into Configuration Center | x | x | x | x |
Change own password | x | x | x | x |
Activate Configuration | x | x | x | |
Load Configuration | x | x | x | |
Import Configuration | x | x | x | |
Save Configuration | x | x | x | |
Export Configuration | x | x (without PK) | x | |
Import Mapping | x | x | x | x |
Export Mapping | x | x | x | x |
Shutdown/Reboot | x | x | ||
Upload & Install Update | x | x | ||
View/Search Logs | x | x | x | x |
View System Monitor/Reporting Graphics | x | x | x | x |
Add/Remove/Restart Add-on Modules | x | x | ||
Manage Administrator Accounts (future release) | x |
Configuration Management (R = Read, RW = Write+Create+Delete+Read) | airlock-supervisor | airlock-auditor | airlock-administrator | airlock-app-admin |
License | RW | R | RW | R |
Routes/Hosts/Netmasks | RW | R | RW | R |
Network Services (DNS/NTP/SNMP) | RW | R | RW | R |
Alerting | RW | R | RW | R |
ICAP | RW | R | RW | R |
Virtual Hosts | RW | R | RW | R |
Back-end Hosts | RW | R | RW | R |
Mappings | RW | R | RW | RW |
Reverse-Proxy Connection (Lines) | RW | R | RW | RW |
SSL VPN Virtual Hosts + Channels | RW | R | RW | RW |
Certificates | RW | R | RW | R |
Session Settings | RW | R | RW | R |
Deny Rules | RW | R | RW | R |
Error Pages (R=Download, W=Upload) | RW | R | RW | R |
Expert Settings | RW | R | RW | R |
View uploaded error pages | RW | R | RW | R |