WebAdmin: Custom Administration Roles
Expand granularity of WebAdmin roles. Current access gives an "Office Manager" too much control across too many areas under each "manager" or "auditor" level term. We have the need to let one person Release Spam and add URLs to control office traffic.
It would be nice if there was a list of available areas and operations with the ability for us to make a role composed of our selections.
John Sinclair commented
Need to have an admin come in just in order to do some OTP user cleanup. The admin/read only rights need to be extended to all webadmin categories so we can create our own RBAC accounts.
We've been after this function for ages as well. I often have to check status of RED connections or check other settings when our main UTM administrator isn't in. But I'm not allowed to edit any. Now I have to log in as superadmin to check these items. We need to be able to configure a group with any permissions as we please per category. Read-only or full access choice too. But currently this is only possible for a very limited amount of functions like mailmanager. Would be great to see this added ASAP, because the function is there (management > webadmin settings > access control), but just not all options are possible to choose from. It shouldn't be hard to add, but I see it's been a request for many years.
It would be very useful to be able to access the parts of the WebAdmin for these individual roles (Mail Manager, VPNManager) directly rather than having to access the whole WebAdmin Interface.
E.g. a URL that went directly to Mail Manager, with the login page if required, would be a great advantage.
It would be useful to add an access control role limited to site-to-site VPN management.
Right, I read this as a request to be able to limit access overall to VPN users. Oliver is suggesting that it be possible to delegate Site-to-Site VPN management just as it now is possible to delegate Remote Access management.
Oliver Lubek commented
Ok, after asking on the forum we agreed that this is currently not possible, hence it stays a feature request.
Oliver Lubek commented
It is? The Sophos support team told me it's not and I should go post it as a feature request. Anyway I'll post that question on the forum, thanks Bob.
Oliver, this is possible now. Ask on the User BB: http://www.astaro.com
Sean, you didn't say what version. In V8.2, you can add "Any" to 'Users/Groups allowed to bypass blocking', and then each bypass will be reported - that way they never have to wait on you.
Also in V8, it is possible to give them access to reports and to view things while preventing them from making any changes.