Access Control

On the WebAdmin Settings > Access Control tab you can create WebAdmin roles for specific users. This allows for a fine-grained definition of the rights WebAdmin users can have.

There are two user roles predefined:

Auditor: Users having this role can view logging and reporting data.

Readonly: Users having this role can view everything in WebAdmin without being able to edit, create, or delete anything.

To assign users or groups one of these roles, click the Edit button and add the respective users or groups to the Members box.

You can create further roles, according to your security policies. Proceed as follows:

  1. On the Access Control tab, click New Role.

    The Add Role dialog box opens.

  2. Specify the following settings:

    Name: Enter a descriptive name for this definition.

    Members: Add or select users or groups who are to have this role. For how to add new users or groups, see Definitions & Users > Users & Groups > Users.

    Grant read-only access (optional): Select this checkbox to grant read-only access to all areas of WebAdmin to the given members.

    Rights: This box contains different rights levels for the different functions of WebAdmin: auditor and manager. A manager has several rights for the respective function(s), whereas an auditor has only viewing rights. A manager has not the right to create new users. User creation is only allowed by the SuperAdmin. You can choose one or more rights by selecting the respective checkbox in front of a right.

    Example: You could give the user Jon Doe manager rights for Email Protection and additionally select the checkbox Grant read-only access. He would then be able to change settings in the Email Protection section and view all other areas of WebAdmin without being able to change anything there.

    Comment (optional): Add a description or other information.

  3. Click Save.

    Your settings will be saved.

To either edit or delete a role, click the corresponding buttons. Note that the Auditor and Readonly roles cannot be deleted.

User Rights

Define multiple user rights for different areas of WebAdmin. In general an auditor has viewing rights and a manager additionally has writing rights. All user rights (except Report Auditor, Mail Manager and Log File Auditor) have permissions to view or edit, respectively:

  • Definitions & Users > Network Definitions
  • Definitions & Users > Service Definitions
  • Definitions & Users > Time Period Definitions
  • Logging & Reporting > View Log Files

Additionally, the following user rights are available:

User Right Permission to Read Permission to Read/Write
Log File Auditor

Management > Sophos Mobile Control

Logging & Reporting > View Log Files

 
Mail Manager

Logging & Reporting > View Log Files

Logging & Reporting > Email Protection

Email Protection > Mail Manager

Mail Protection Manager  

Email Protection

Logging & Reporting > Email Protection

Network Protection Auditor

Interfaces & Routing overview

Network Protection

Logging & Reporting > Network Usage

Logging & Reporting > Network Protection

 
Network Protection Manager  

Interfaces & Routing Overview

Network Protection

Logging & Reporting > Network Usage

Logging & Reporting > Network Protection

Remote Access Auditor

Remote Access

Logging & Reporting > Remote Access

 
Remote Access Manager  

Remote Access

Logging & Reporting > Remote Access

Report Auditor

Dashboard

Interfaces & Routing overview

Network Protection overview

Web Protection overview

Email Protection overview

Advanced Protection overview

Site-to-site VPN

Remote Access overview

Logging & Reporting:

Hardware

Network Usage

Network Protection

Web Protection

Email Protection

Wireless Protection

Remote Access

Webserver Protection

Executive Report

 
Web Application Protection Auditor

Webserver Protection

Logging & Reporting > Webserver Protection

 
Web Application Protection Manager  

Webserver Protection

Logging & Reporting > Webserver Protection

Web Protection Auditor

Web Protection

Logging & Reporting > Web Protection

 
Web Protection Manager  

Web Protection

Logging & Reporting > Web Protection

Wireless Protection Auditor

Wireless Protection

Logging & Reporting > Wireless Protection

 
Wireless Protection Manager  

Wireless Protection

Logging & Reporting > Wireless Protection

It is possible to combine multiple user rights.