The configuration center uses role-based access control (RBAC).
- ●Each administrator should have a personal login account
- ●The configuration permissions depend on the role(s) associated with an account
- ●The matrix below shows the pre-defined roles and the permissions they have
- ●If an administrator needs to have custom permissions, a customization of the administration roles is possible (see below)
airlock-user-manager-tool
To add a new administrator or edit an existing user, log in via ssh as root and invoke the airlock-user-manager-tool script as seen here:
root@Airlock:/ # airlock-user-manager-tool
After that, follow the instructions on the screen.
Do not forget to save the new user settings after the configuration. In order to save, go back (choose "b") to the initial page and choose "s" for save.
Default Roles and Permissions
Actions (Execute) | airlock-supervisor | airlock-auditor | airlock-administrator | airlock-app-admin |
Log in to configuration center | x | x | x | x |
Change own password | x | x | x | x |
Activate configuration | x | x | x | |
Load configuration | x | x | x | |
Import configuration | x | x | x | |
Save configuration | x | x | x | |
Export configuration | x | x (without private key) | x | |
Import mapping | x | x | x | x |
Export mapping | x | x | x | x |
Shutdown/reboot | x | x | ||
Upload and install update | x | x | ||
View and search logs | x | x | x | x |
View system monitoring and reports | x | x | x | x |
Add, remove or restart add-on modules | x | x |
Configuration management (Read or Read+Write+Create+Delete) | airlock-supervisor | airlock-auditor | airlock-administrator | airlock-app-admin |
License | RW | R | RW | R |
Routes, hosts | RW | R | RW | R |
Network services (DNS, NTP, SNMP) | RW | R | RW | R |
Alerting | RW | R | RW | R |
ICAP | RW | R | RW | R |
Virtual hosts | RW | R | RW | R |
Back-end hosts | RW | R | RW | RW |
Mappings | RW | R | RW | RW |
Revers-proxy connections (lines) | RW | R | RW | RW |
Certificates | RW | R | RW | R |
Session settings | RW | R | RW | R |
Deny rules | RW | R | RW | R |
Error pages (R=download, W=upload) | RW | R | RW | R |
Expert settings | RW | R | RW | R |
View uploaded error pages | RW | R | RW | R |
It is possible to configure custom administration roles with other permissions than shown in the table above. The creation of custom roles is currently experimental and not part of the public API of Airlock Gateway. Please refer to the technical knowledge base Techzone. There is an article available describing the creation of custom administration roles. The customization of administration roles is planned to be provided as a standard feature in a later Airlock Gateway release.