Mageni supports the creation and configuration of your own user roles. Like in all other instances the modification of the factory provided roles is not possible. However they may be copied/cloned and subsequently modified. This ensures consistent behaviour when updating the software.
The role management can be accessed via the web interface in the menu Administration > Roles. The following seven (7) roles are available by default:
- Admin: This role by default has all permissions. It is especially allowed to create and manage other users.
- Guest: This role corresponds with the Info role. It merely is not allowed to change its settings.
- Info: This role (Information Browser) only has read access to the NVTs and SCAP information. All other information is not available.
- Monitor: This role has access to performance data of the GSM (see section Appliance Performance).
- Observer: This role has read access to the system. It is not allowed to start or create new scans. It has only read access to the scans for which the respective users have been set up as observers.
- Super Admin: This role has access to all objects of all users. It has no relation to the SuperUser in the command line. This role can not be configured in the web interface. The configuration is only possible in the CLI.
- User: This role by default has all permissions with the exception of user, role and group management. Besides, this role is not allowed to synchronize and manage the feeds. In the web interface there is no access to the menu option Administration. All other options, however, are available to this role.
Additional roles can easily be created. The simplest way to create a new role is copying one of the existing roles that reflects your needs the closest and modify it. In rare cases you might want to create a role that only supports limited functionality. In those cases it makes more sense to start with an empty role.
User can have more than one role. Therefore permissions can be grouped with the help of the roles. If more than more than one role is assigned to a user the permissions of the roles will all be added.
To create a new role go to Administration > Roles and click on the start icon and fill out the fields, then click on the Create button to save the new role.
Now you will see the new role that you have created listed on the Administration > Roles page:
Once that you have clicked on the role, a new screen will appear showing you the role's details:
Now you must add permissions to your role. In order to do so you need to click on the Edit button and the screen with the options to add and remove permissions will be shown to you. From there you can add multiple permissions with the "Create Permission" button and the click Save to make permanent your changes.