User administration via shell script

The configuration center uses role-based access control (RBAC).

Note the following:

  • Each administrator should have a personal login account.
  • Configuration permissions depend on account role(s).
  • The matrix below shows the pre-defined roles and the permissions they have.
  • If an administrator needs custom permissions, the administration roles can be customized (see below).

User manager tool

To add a new administrator or edit an existing user, start the airlock-user-manager-tool as root and follow the instructions on the screen:
root@Airlock:/ # airlock-user-manager-tool

Do not forget to save the new user settings after the configuration. To save, choose b to return to the initial page, then select s for save.

Backup of customized users

Customized users are not part of the default Airlock Gateway configuration file. Therefore, it is necessary to back up these users separately by saving the following three files:

  • /opt/airlock/custom-settings/mgt-auth/password.properties
  • /opt/airlock/custom-settings/mgt-auth/roles.properties
  • /opt/airlock/custom-settings/mgt-auth/assertion_key.properties
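
One way to script this backup, as an added example that is not part of the Airlock documentation or product. The function name, the archive naming scheme and the optional ROOT parameter are assumptions made for illustration; only the three file paths come from this page.

```sh
#!/bin/sh
# Added example (not vendor code): back up the three mgt-auth files listed above.
# Assumes POSIX sh with tar and sha256sum available.

AUTH_DIR="opt/airlock/custom-settings/mgt-auth"   # path from the page, relative to /
AUTH_FILES="password.properties roles.properties assertion_key.properties"

# backup_mgt_auth DEST_DIR [ROOT]
# Prints the archive path on success. ROOT (default /) is a hypothetical
# parameter so the function can be exercised against a scratch tree.
backup_mgt_auth() {
    dest=$1
    root=${2:-/}
    [ -n "$dest" ] || { echo "usage: backup_mgt_auth DEST_DIR [ROOT]" >&2; return 2; }

    # Refuse a partial backup: all three files must be present and readable.
    for f in $AUTH_FILES; do
        if [ ! -r "${root%/}/$AUTH_DIR/$f" ]; then
            echo "missing or unreadable: ${root%/}/$AUTH_DIR/$f" >&2
            return 1
        fi
    done

    # Judging by their names the files hold credential material (assumption),
    # so everything created here is readable by the owner only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    name="mgt-auth-$(date +%Y%m%d-%H%M%S).tar"

    # Build the member list relative to ROOT so the archive restores in place.
    set --
    for f in $AUTH_FILES; do set -- "$@" "$AUTH_DIR/$f"; done

    if tar -cf "$dest/$name" -C "$root" "$@" &&
       ( cd "$dest" && sha256sum "$name" > "$name.sha256" ); then
        umask "$old_umask"
        echo "$dest/$name"
        return 0
    fi
    umask "$old_umask"
    rm -f "$dest/$name" "$dest/$name.sha256"
    return 1
}
```

Before restoring, running `sha256sum -c` on the `.sha256` file from inside the backup directory confirms the archive is unchanged.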

Default Roles and Permissions

Actions (Execute)

airlock-supervisor

airlock-auditor

airlock-administrator

airlock-app-admin

Log in to the configuration center

x

x

x

x

Change own password

x

x

x

x

Activate configuration

x

x

x

Load configuration

x

x

x

Import configuration

x

x

x

Save configuration

x

x

x

Export configuration

x

x (without private key)

x

Import mapping

x

x

x

x

Export mapping

x

x

x

x

Shutdown/reboot

x

x

Upload and install update

x

x

View and search logs

x

x

x

x

View system monitoring and reports

x

x

x

x

Add, remove, or restart add-on modules

x

x

| Configuration management (Read or Read+Write+Create+Delete) | airlock-supervisor | airlock-auditor | airlock-administrator | airlock-app-admin |
|---|---|---|---|---|
| License | RW | R | RW | R |
| Routes, hosts | RW | R | RW | R |
| Network services (DNS, NTP, SNMP) | RW | R | RW | R |
| Alerting | RW | R | RW | R |
| ICAP | RW | R | RW | R |
| Virtual hosts | RW | R | RW | R |
| Back-end hosts | RW | R | RW | R |
| Mappings | RW | R | RW | RW |
| Reverse-proxy connections (lines) | RW | R | RW | RW |
| Certificates | RW | R | RW | R |
| Session settings | RW | R | RW | R |
| Deny rules | RW | R | RW | R |
| Error pages (R=download, W=upload) | RW | R | RW | R |
| Expert settings | RW | R | RW | R |
| View uploaded error pages | RW | R | RW | R |

Configuring custom administration roles with permissions other than those shown in the table above is possible. However, the creation of custom roles is experimental and not part of the public API of Airlock Gateway.