User administration via shell script

The configuration center uses role-based access control (RBAC).

  • Each administrator should have a personal login account
  • The configuration permissions depend on the role(s) associated with an account
  • The matrix below shows the pre-defined roles and the permissions they have
  • If an administrator needs to have custom permissions, a customization of the administration roles is possible (see below)

airlock-user-manager-tool

To add a new administrator or edit an existing user, log in via ssh as root and invoke the airlock-user-manager-tool script as seen here:

root@Airlock:/ # airlock-user-manager-tool

After that, follow the instructions on the screen.

Do not forget to save the new user settings after the configuration. In order to save, go back (choose "b") to the initial page and choose "s" for save.

Default Roles and Permissions

Actions (Execute)
airlock-supervisor
airlock-auditor
airlock-administrator
airlock-app-admin
Log in to configuration center
x
x
x
x
Change own password
x
x
x
x
Activate configuration
x
 
x
x
Load configuration
x
x
x
 
Import configuration
x
x
x
 
Save configuration
x
 
x
x
Export configuration
x
x (without private key)
x
 
Import mapping
x
x
x
x
Export mapping
x
x
x
x
Shutdown/reboot
x
 
x
 
Upload and install update
x
 
x
 
View and search logs
x
x
x
x
View system monitoring and reports
x
x
x
x
Add, remove or restart add-on modules
x
 
x
 
Configuration management
(Read or Read+Write+Create+Delete)
airlock-supervisor
airlock-auditor
airlock-administrator
airlock-app-admin
License
RW
R
RW
R
Routes, hosts
RW
R
RW
R
Network services (DNS, NTP, SNMP)
RW
R
RW
R
Alerting
RW
R
RW
R
ICAP
RW
R
RW
R
Virtual hosts
RW
R
RW
R
Back-end hosts
RW
R
RW
RW
Mappings
RW
R
RW
RW
Revers-proxy connections (lines)
RW
R
RW
RW
Certificates
RW
R
RW
R
Session settings
RW
R
RW
R
Deny rules
RW
R
RW
R
Error pages (R=download, W=upload)
RW
R
RW
R
Expert settings
RW
R
RW
R
View uploaded error pages
RW
R
RW
R

It is possible to configure custom administration roles with other permissions than shown in the table above. The creation of custom roles is currently experimental and not part of the public API of Airlock Gateway. Please refer to the technical knowledge base Techzone. There is an article available describing the creation of custom administration roles. The customization of administration roles is planned to be provided as a standard feature in a later Airlock Gateway release.