User administration via shell script

The configuration center uses role-based access control (RBAC).

  • Each administrator should have a personal login account
  • The configuration permissions depend on the role(s) associated with an account
  • The matrix below shows the pre-defined roles and the permissions they have
  • If an administrator needs to have custom permissions, a customization of the administration roles is possible (see below)

airlock-user-manager-tool

To add a new administrator or edit an existing user, log in via ssh as root and invoke the airlock-user-manager-tool script as seen here:

root@Airlock:/ # airlock-user-manager-tool

After that, follow the instructions on the screen.

Do not forget to save the new user settings after the configuration. In order to save, go back (choose "b") to the initial page and choose "s" for save.

Default Roles and Permissions

Actions (Execute)

airlock-supervisor

airlock-auditor

airlock-administrator

airlock-app-admin

Log in to configuration center

x

x

x

x

Change own password

x

x

x

x

Activate configuration

x

x

x

Load configuration

x

x

x

Import configuration

x

x

x

Save configuration

x

x

x

Export configuration

x

x (without private key)

x

Import mapping

x

x

x

x

Export mapping

x

x

x

x

Shutdown/reboot

x

x

Upload and install update

x

x

View and search logs

x

x

x

x

View system monitoring and reports

x

x

x

x

Add, remove or restart add-on modules

x

x

Configuration management
(Read or Read+Write+Create+Delete)

airlock-supervisor

airlock-auditor

airlock-administrator

airlock-app-admin

License

RW

R

RW

R

Routes, hosts

RW

R

RW

R

Network services (DNS, NTP, SNMP)

RW

R

RW

R

Alerting

RW

R

RW

R

ICAP

RW

R

RW

R

Virtual hosts

RW

R

RW

R

Back-end hosts

RW

R

RW

R

Mappings

RW

R

RW

RW

Revers-proxy connections (lines)

RW

R

RW

RW

Certificates

RW

R

RW

R

Session settings

RW

R

RW

R

Deny rules

RW

R

RW

R

Error pages (R=download, W=upload)

RW

R

RW

R

Expert settings

RW

R

RW

R

View uploaded error pages

RW

R

RW

R

It is possible to configure custom administration roles with other permissions than shown in the table above. The creation of custom roles is currently experimental and not part of the public API of Airlock Gateway. Please refer to the technical knowledge base Techzone. There is an article available describing the creation of custom administration roles. The customization of administration roles is planned to be provided as a standard feature in a later Airlock Gateway release.