You are here

Administration Roles

Affects version(s): 
5.0
4.2

Since Airlock 4.2, the Airlock Configuration Center uses role-based access control (RBAC):

  • Each Airlock administrator should have a personal account. 
  • The configuration permissions depend on the role(s) associated with an account.
  • The matrix below shows all pre-defined roles and the permissions they have.
  • If you need an administrator to have a different set of permissions, you may choose to add custom administration roles.

UserManager Shell Script

To add a new adminstrator or edit an existing user, log in via ssh as root and call the airlock-user-manager (for Airlock 4.2 use UserManager) script as shown here:

root@airlock:/ # airlock-user-manager

For Airlock 4.2 use following commands instead:
root@airlock:/ # UserManager

Then follow the instructions on the screen.

Do not forget to save the new user settings after configuring the roles. To save, go back (choose "b") to the start page and choose "s" for save.

Backup the customized Users

The customized users are not part of the Airlock configuration file. So, it is necessary to backup the users separately by saving the following three files:

/opt/airlock/custom-settings/mgt-auth/password.properties
/opt/airlock/custom-settings/mgt-auth/roles.properties
/opt/airlock/custom-settings/mgt-auth/assertion_key.properties

For Airlock 4.2 the following files are relevant:
/airlock/management/gui/auth/password.properties
/airlock/management/gui/auth/roles.properties
/airlock/management/gui/auth/assertion_key.properties

After an upgrade, just replace the existing files with the three backup files.

Default Roles and Permissions

Actions (Execute) airlock-
supervisor
airlock-
auditor
airlock-
administrator
airlock-
app-admin
Log into Configuration Center x x x x
Change own password x x x x
Activate Configuration x   x x
Load Configuration x x x  
Import Configuration x x x  
Save Configuration x   x x
Export Configuration x x (without PK) x  
Import Mapping x x x x
Export Mapping x x x x
Shutdown/Reboot x   x  
Upload & Install Update x   x  
View/Search Logs x x x x
View System Monitor/Reporting Graphics x x x x
Add/Remove/Restart Add-on Modules x   x  
Manage Administrator Accounts (future release) x      
Configuration Management (Read OR Write+Create+Delete+Read) airlock-
supervisor
airlock-
auditor
airlock-
administrator
airlock-
app-admin
License RW R RW R
Routes/Hosts/Netmasks RW R RW R
Network Services (DNS/NTP/SNMP) RW R RW R
Alerting RW R RW R
ICAP RW R RW R
Virtual Hosts RW R RW R
Back-end Hosts RW R RW R
Mappings RW R RW RW
Reverse-Proxy Connection (Lines) RW R RW RW
SSL VPN Virtual Hosts + Channels RW R RW RW
Certificates RW R RW R
Session Settings RW R RW R
Deny Rules RW R RW R
Error Pages (R=Download, W=Upload) RW R RW R
Expert Settings RW R RW R
View uploaded error pages RW R RW R
Knowledge Base Categories: