You are here
Administration Roles
Last update on 13. January 2017 - 14:29.
Since Airlock 4.2, the Airlock Configuration Center uses role-based access control (RBAC):
- Each Airlock administrator should have a personal account.
- The configuration permissions depend on the role(s) associated with an account.
- The matrix below shows all pre-defined roles and the permissions they have.
- If you need an administrator to have a different set of permissions, you may choose to add custom administration roles.
UserManager Shell Script
To add a new adminstrator or edit an existing user, log in via ssh as root and call the airlock-user-manager (for Airlock 4.2 use UserManager) script as shown here:
root@airlock:/ # airlock-user-manager
For Airlock 4.2 use following commands instead:
root@airlock:/ # UserManager
Then follow the instructions on the screen.
Do not forget to save the new user settings after configuring the roles. To save, go back (choose "b") to the start page and choose "s" for save.
Backup the customized Users
The customized users are not part of the Airlock configuration file. So, it is necessary to backup the users separately by saving the following three files:
/opt/airlock/custom-settings/mgt-auth/password.properties
/opt/airlock/custom-settings/mgt-auth/roles.properties
/opt/airlock/custom-settings/mgt-auth/assertion_key.properties
For Airlock 4.2 the following files are relevant:
/airlock/management/gui/auth/password.properties
/airlock/management/gui/auth/roles.properties
/airlock/management/gui/auth/assertion_key.properties
After an upgrade, just replace the existing files with the three backup files.
Default Roles and Permissions
| Actions (Execute) | airlock- supervisor |
airlock- auditor |
airlock- administrator |
airlock- app-admin |
| Log into Configuration Center | x | x | x | x |
| Change own password | x | x | x | x |
| Activate Configuration | x | x | x | |
| Load Configuration | x | x | x | |
| Import Configuration | x | x | x | |
| Save Configuration | x | x | x | |
| Export Configuration | x | x (without PK) | x | |
| Import Mapping | x | x | x | x |
| Export Mapping | x | x | x | x |
| Shutdown/Reboot | x | x | ||
| Upload & Install Update | x | x | ||
| View/Search Logs | x | x | x | x |
| View System Monitor/Reporting Graphics | x | x | x | x |
| Add/Remove/Restart Add-on Modules | x | x | ||
| Manage Administrator Accounts (future release) | x |
| Configuration Management (Read OR Write+Create+Delete+Read) | airlock- supervisor |
airlock- auditor |
airlock- administrator |
airlock- app-admin |
| License | RW | R | RW | R |
| Routes/Hosts/Netmasks | RW | R | RW | R |
| Network Services (DNS/NTP/SNMP) | RW | R | RW | R |
| Alerting | RW | R | RW | R |
| ICAP | RW | R | RW | R |
| Virtual Hosts | RW | R | RW | R |
| Back-end Hosts | RW | R | RW | R |
| Mappings | RW | R | RW | RW |
| Reverse-Proxy Connection (Lines) | RW | R | RW | RW |
| SSL VPN Virtual Hosts + Channels | RW | R | RW | RW |
| Certificates | RW | R | RW | R |
| Session Settings | RW | R | RW | R |
| Deny Rules | RW | R | RW | R |
| Error Pages (R=Download, W=Upload) | RW | R | RW | R |
| Expert Settings | RW | R | RW | R |
| View uploaded error pages | RW | R | RW | R |