Role-based restriction of access to application functions

Depending on the assigned role, the user will be able to access specific web interface sections and operations with application settings.

A description of the allowed operations with application settings depending on the assigned privilege is presented in the table below.

Operations that are available when privileges are assigned

Privilege

Available functionality outside of workspaces

Available functionality in a workspace

Description of the privilege

Capability to switch between workspaces

View Dashboard and Reports

View all information in the Dashboard and Reports sections.

Yes

View information in the Dashboard section with the following limitations:

  • The System health widget is not displayed.
  • There is no capability for filtering by node or workspace.

    View, download, and delete all previously generated reports, and generate new reports only for the current workspace.

View traffic events

View the event log for processing traffic of workspaces and outside of workspaces, and export traffic processing events in the Events section.

Yes

View the event log for processing traffic of workspaces, and export traffic processing events in the Events section.

View system events

View the log of systems events of the application, and export system events of the application in the Events section.

No

Functionality is not available.

Create/edit rules

Add bypass rules, access rules, and protection rules for workspaces and outside of workspaces, and modify their settings in the Rules section.

Yes

Add bypass rules, access rules, and protection rules for the current workspace, and modify their settings in the Rules section.

View rules

View the table of traffic processing rules for workspaces and outside of workspaces in the Rules section.

When this privilege is assigned, the user will not be able to add or delete rules or modify their settings.

Yes

View the table of traffic processing rules for the current workspace in the Rules section.

When this permission is assigned, the user will not be able to add or delete rules or modify their settings.

Delete rules

Delete traffic processing rules for workspaces and outside of workspaces in the Rules section.

Yes

Delete traffic processing rules for the current workspace in the Rules section.

Create/edit workspaces

Add workspaces and modify the settings of workspaces in the Workspaces section.

Yes

Functionality is not available.

View workspaces

View the workspace table in the Workspaces section.

When this privilege is assigned, the user will not be able to add or delete workspaces or modify their settings.

Yes

Functionality is not available.

Delete workspaces

Delete workspaces in the Workspaces section.

Yes

Functionality is not available.

Create/edit/assign roles

Add roles for workspaces and outside of workspaces, and modify their settings in the Users section.

Yes

Add roles for the current workspace, and modify their settings in the Users section.

View roles

View the list of roles for workspaces and outside of workspaces in the Users section.

When this privilege is assigned, the user will not be able to add or delete roles or modify their settings.

Yes

View the list of roles for the current workspace in the Users section.

When this permission is assigned, the user will not be able to add or delete roles or modify their settings.

Delete roles

Delete roles for workspaces and outside of workspaces in the Users section.

Yes

Delete roles for the current workspace in the Users section.

Create/edit/delete nodes

Add and delete nodes of the cluster, and modify their settings in the Nodes section.

No

Functionality is not available.

Get diagnostic information

Start tracing, modify the trace level, and view trace logs of cluster nodes.

This privilege allows the user to view information about nodes, add and delete nodes, and to modify their settings.

No

Functionality is not available.

Check data integrity

Check the integrity of data on nodes of the cluster.

This privilege allows the user to view information about nodes, add and delete nodes, and to modify their settings.

No

Functionality is not available.

View node information

View information about nodes in the Nodes section.

When this privilege is assigned, the user will not be able to add or delete nodes or modify their settings.

No

Functionality is not available.

Edit settings

Modify application settings in the Settings section.

No

Functionality is not available.

View settings

View application settings in the Settings section.

When this privilege is assigned, the user will not be able to modify application settings.

No

Functionality is not available.

Manage SSH access

Adding and removing an SSH public key.

No

Functionality is not available.

Create/edit block page

Functionality is not available.

No

Modify the block page for the current workspace.

View block page

Functionality is not available.

No

View the block page for the current workspace.

The correspondence between available sections of the application web interface and privileges assigned to a user is presented in the table below.

Access to web interface sections depending on the assigned privileges

Scope of application

Privilege

Web interface section to which access is provided

Outside of workspaces

In a workspace

Outside of workspaces

View Dashboard and Reports

Dashboard

Dashboard

View traffic events

Events

Events

View system events

Events

Unavailable

Create/edit rules

Rules

Rules

View rules

Delete rules

Create/edit workspaces

Workspaces

Workspace settings

View workspaces

Delete workspaces

Create/edit/assign roles

Users

Users

View roles

Delete roles

Create/edit/delete nodes

Nodes

Unavailable

Get diagnostic information

Check data integrity

View node information

Edit settings

Settings

Unavailable

View settings

Manage SSH access

In a workspace

View Dashboard and Reports

Unavailable

Dashboard

View traffic events

Unavailable

Events

Create/edit rules

Unavailable

Rules

View rules

Delete rules

Create/edit roles

Unavailable

Users

View roles

Delete roles

Create/edit block page

Unavailable

Workspace settings

View block page

Page top