Access Control
On the WebAdmin Settings > Access Control tab you can create WebAdmin roles for specific users. This allows for a fine-grained definition of the rights WebAdmin users can have.
There are two user roles predefined:
Auditor: Users having this role can view logging and reporting data.
Readonly: Users having this role can view everything in WebAdmin without being able to edit, create, or delete anything.
To assign users or groups one of these roles, click the Edit button and add the respective users or groups to the Members box.
You can create further roles, according to your security policies. Proceed as follows:
-
On the Access Control tab, click New Role.
The Add Role dialog box opens.
-
Specify the following settings:
Name: Enter a descriptive name for this definition.
Members: Add or select users or groups who are to have this role. For how to add new users or groups, see Definitions & Users > Users & Groups > Users.
Grant read-only access (optional): Select this checkbox to grant read-only access to all areas of WebAdmin to the given members.
Rights: This box contains different rights levels for the different functions of WebAdmin: auditor and manager. A manager has several rights for the respective function(s), whereas an auditor has only viewing rights. A manager has not the right to create new users. User creation is only allowed by the SuperAdmin. You can choose one or more rights by selecting the respective checkbox in front of a right.
Example: You could give the user Jon Doe manager rights for Email Protection and additionally select the checkbox Grant read-only access. He would then be able to change settings in the Email Protection section and view all other areas of WebAdmin without being able to change anything there.
Comment (optional): Add a description or other information.
-
Click Save.
Your settings will be saved.
To either edit or delete a role, click the corresponding buttons. Note that the Auditor and Readonly roles cannot be deleted.
User Rights
Define multiple user rights for different areas of WebAdmin. In general an auditor has viewing rights and a manager additionally has writing rights. All user rights (except Report Auditor, Mail Manager and Log File Auditor) have permissions to view or edit, respectively:
- Definitions & Users > Network Definitions
- Definitions & Users > Service Definitions
- Definitions & Users > Time Period Definitions
- Logging & Reporting > View Log Files
Additionally, the following user rights are available:
| User Right | Permission to Read | Permission to Read/Write |
|---|---|---|
| Log File Auditor |
Management > Sophos Mobile Control Logging & Reporting > View Log Files |
|
| Mail Manager |
Logging & Reporting > View Log Files Logging & Reporting > Email Protection |
Email Protection > Mail Manager |
| Mail Protection Manager |
Email Protection Logging & Reporting > Email Protection |
|
| Network Protection Auditor |
Interfaces & Routing overview Network Protection Logging & Reporting > Network Usage Logging & Reporting > Network Protection |
|
| Network Protection Manager |
Interfaces & Routing Overview Network Protection Logging & Reporting > Network Usage Logging & Reporting > Network Protection |
|
| Remote Access Auditor |
Remote Access Logging & Reporting > Remote Access |
|
| Remote Access Manager |
Remote Access Logging & Reporting > Remote Access |
|
| Report Auditor |
Dashboard Interfaces & Routing overview Network Protection overview Web Protection overview Email Protection overview Advanced Protection overview Site-to-site VPN Remote Access overview Logging & Reporting:
|
|
| Web Application Protection Auditor |
Webserver Protection Logging & Reporting > Webserver Protection |
|
| Web Application Protection Manager |
Webserver Protection Logging & Reporting > Webserver Protection |
|
| Web Protection Auditor |
Web Protection Logging & Reporting > Web Protection |
|
| Web Protection Manager |
Web Protection Logging & Reporting > Web Protection |
|
| Wireless Protection Auditor |
Wireless Protection Logging & Reporting > Wireless Protection |
|
| Wireless Protection Manager |
Wireless Protection Logging & Reporting > Wireless Protection |
It is possible to combine multiple user rights.
Related Topics