Access Control

On the WebAdmin Settings > Access Control tab you can create WebAdmin roles for specific users. This allows for a fine-grained definition of the rights WebAdmin users can have.

There are two user roles predefined:

Auditor: Users having this role can view logging and reporting data.

Readonly: Users having this role can view everything in WebAdmin without being able to edit, create, or delete anything.

To assign users or groups one of these roles, click the Edit button and add the respective users or groups to the Members box.

You can create further roles, according to your security policies. Proceed as follows:

1. On the Access Control tab, click New Role.

   The Add Role dialog box opens.

2. Make the following settings:

   Name: Enter a descriptive name for this definition.

   Members: Add or select users or groups who are to have this role. How to add users is explained on the Definitions & Users > Users & Groups > Users page.

   Grant read-only access (optional): Select this checkbox to grant read-only access to all areas of WebAdmin to the given members.

   Rights: This box contains different rights levels for the different functions of WebAdmin: auditor and manager. A manager has several rights for the respective function(s), whereas an auditor has only viewing rights. A manager has not the right to create new users. User creation is only allowed by the SuperAdmin. You can choose one or more rights by selecting the respective checkbox in front of a right.

   Example: You could give the user Jon Doe manager rights for Email Protection and additionally select the checkbox Grant read-only access. He would then be able to change settings in the Email Protection section and view all other areas of WebAdmin without being able to change anything there.

   Comment (optional): Add a description or other information.

3. Click Save.

   Your settings will be saved.

To either edit or delete a role, click the corresponding buttons. Note that the Auditor and Readonly roles cannot be deleted.

User Rights

Define multiple user rights for different areas of WebAdmin. In general an auditor has viewing rights and a manager additionally has writing rights. All user rights (except Report Auditor, Mail Manager and Log File Auditor) have permissions to view or edit, respectively:

• Definitions & Users > Network Definitions
• Definitions & Users > Service Definitions
• Definitions & Users > Time Period Definitions
• Logging & Reporting > View Log Files

Additionally, the following user rights are available:

User Right	Permission to Read	Permission to Read/Write
Log File Auditor	Management > Sophos Mobile Control Endpoint Protection > Web Control Logging & Reporting > View Log Files
Mail Manager	Logging & Reporting > View Log Files Logging & Reporting > Email Protection	Email Protection > Mail Manager
Mail Protection Manager		Email Protection Logging & Reporting > Email Protection
Network Protection Auditor	Interfaces & Routing overview Network Protection Logging & Reporting > Network Usage Logging & Reporting > Network Protection
Network Protection Manager		Interfaces & Routing Overview Network Protection Logging & Reporting > Network Usage Logging & Reporting > Network Protection
Remote Access Auditor	Remote Access Logging & Reporting > Remote Access
Remote Access Manager		Remote Access Logging & Reporting > Remote Access
Report Auditor	Dashboard Interfaces & Routing overview Network Protection overview Web Protection overview Email Protection overview Advanced Protection overview Site-to-site VPN Remote Access overview Logging & Reporting: Hardware Network Usage Network Protection Web Protection Email Protection Wireless Protection Remote Access Webserver Protection Executive Report
Web Application Protection Auditor	Webserver Protection Logging & Reporting > Webserver Protection
Web Application Protection Manager		Webserver Protection Logging & Reporting > Webserver Protection
Web Protection Auditor	Web Protection Logging & Reporting > Web Protection
Web Protection Manager		Web Protection Logging & Reporting > Web Protection
Wireless Protection Auditor	Wireless Protection Logging & Reporting > Wireless Protection
Wireless Protection Manager		Wireless Protection Logging & Reporting > Wireless Protection

It is possible to combine multiple user rights.