
    Configuring Role-Based Access Control

    1. In the Web UI, go to Configuration > Users and Groups.
    2. Click Manage Authentication Settings.
    3. Enter all information relating to your LDAP or RADIUS server and click Save. You should now see the corresponding service as Enabled under the Authentication section of Users and Groups.
    4. The next step is to configure roles for various users. By default, the user mykonos is enabled and given the role Super Administrator. To add additional users, click the Add User link.
    5. You are prompted to enter a Username and to choose which groups the user inherits. A complete description of all roles is available by clicking View Role Descriptions beneath the Roles drop-down list. A simpler table of roles and their corresponding permissions can be found in Appendix D, RBAC Groups and Roles.

      Figure 1: Users and Groups, Add User


      Figure 2: Assigned Roles


    Note: Because WebApp Secure doesn't actually create users on the appliance itself but merely maps the username to the given permissions, the only way to effectively remove the user is to strip them from all roles. After removing roles and saving, the entry in the Authorization table is removed.

    Note: WebApp Secure doesn't allow the last RBAC Administrator role to be deleted. It is possible to remove your own permissions, though, essentially locking you out of the system. Similarly, re-initializing the configuration settings will wipe out all user-role mappings, and the mykonos user will be the only one able to assign roles.

    Note: Any violations of access control (a user trying to access some part of the system they aren't configured to access) will be logged to the audit log.

    Published: 2013-11-20