The dialog for creating and managing users can be accessed via the Administration > Users menu. This menu is only visible to administrators, as only they are allowed to create and manage additional users. A new user is created via the white asterisk on a blue background; an existing user can be modified by selecting the wrench.
When creating a new user the following options are available:
- Login Name: This is the name the user logs in with. If an LDAP server is used for central password management, the user needs to be created with the identical name (rDN) as used by the LDAP server. This is also true when using a RADIUS server. The name can be a maximum of 80 characters and can contain letters and numbers.
- Password: This is the password for the user. The password can be a maximum of 40 characters and can contain any type of character. When using special characters, make sure that they are available on all keyboards and operating systems in use.
- Roles (optional): Each user can have multiple roles. While it is possible to add and configure additional roles, at the beginning, the roles Admin, User, Info, Observer, Guest and Monitor are available. These roles are discussed in more detail in section User Roles.
- Groups: Each user can be a member of multiple groups. Permissions management can be performed via groups as well.
- Host Access: These systems may be analyzed by the user in a scan. Alternatively, you can specify which systems should not be considered in a scan. These restrictions also apply to administrators. They can, however, remove these restrictions themselves, so for administrators this function simply serves as self-protection. Normal users (User) and roles without access to the user management cannot circumvent this restriction. Either a whitelist (deny all and allow) or a blacklist (allow all and deny) is possible. In the first case, the scanning of all systems is denied in general and only explicitly listed systems are allowed to be scanned. In the latter case, the scanning of all systems is allowed except for the listed systems. System names as well as IPv4 and IPv6 addresses can be entered. Individual IP addresses, address ranges and network segments can all be specified. The following listing shows some examples:
- 192.168.15.5 (IPv4 address)
- 192.168.15.5-192.168.15.27 (IPv4 range long form)
- 192.168.15.5-27 (IPv4 range short form)
- 192.168.15.128/25 (CIDR notation)
- 2001:db8::1 (IPv6 address)
- 2001:db8::1-2001:db8::15 (IPv6 range long form)
- 2001:db8::1-15 (IPv6 range short form)
- 2001:db8::/120 (CIDR notation)
All options can be mixed and matched and entered as a comma-separated list. In CIDR notation, the largest network accepted is /20 for IPv4 and /116 for IPv6. In both cases the result is a maximum of 4096 IP addresses.
- Interface Access: If the appliance uses several network adapters to connect to different networks, the use of these adapters for scans by the user may be restricted. A comma-separated list of network adapters can be entered and, as with Host Access, either a whitelist or a blacklist methodology can be chosen.
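To check a planned Host Access list before entering it, the following added example (not code from the appliance or its vendor) parses the entry forms listed above and evaluates a target against the list in either mode. It assumes that the short range form replaces the last octet (IPv4) or the last hexadecimal group (IPv6), and that system names are compared literally without resolution; `parse_entry`, `may_scan` and the sample list are hypothetical names and values.

```python
import ipaddress

# Per the page: CIDR entries are limited to /20 (IPv4) and /116 (IPv6), i.e. 4096 addresses.
MIN_PREFIX = {4: 20, 6: 116}
# Constructed sample list in the syntax shown on the page (the host name is made up).
SAMPLE = "192.168.15.5-27, 192.168.15.128/25, 2001:db8::1-15, web-01.example.com"

def parse_entry(entry):
    """Return (first, last) addresses for one entry, or a lower-cased system name."""
    entry = entry.strip()
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{entry}: network exceeds 4096 addresses")
        return net[0], net[-1]
    first_txt, sep, last_txt = entry.partition("-")
    try:
        first = ipaddress.ip_address(first_txt)
    except ValueError:
        return entry.lower()  # system name: compared literally, not resolved (assumption)
    if not sep:
        return first, first
    try:
        last = ipaddress.ip_address(last_txt)  # long form: full end address
    except ValueError:
        # Short form (assumption): the suffix replaces the last octet (IPv4)
        # or the last 16-bit group, read as hexadecimal (IPv6).
        if first.version == 4:
            last = ipaddress.IPv4Address(first_txt.rsplit(".", 1)[0] + "." + last_txt)
        else:
            group = int(last_txt, 16)
            if group > 0xFFFF:
                raise ValueError(f"{entry}: bad range end")
            last = ipaddress.IPv6Address((int(first) & ~0xFFFF) | group)
    if last.version != first.version or last < first:
        raise ValueError(f"{entry}: range end precedes start")
    return first, last

def may_scan(target, host_list, mode):
    """mode 'allow': deny all, allow listed; mode 'deny': allow all, deny listed."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = target.lower()
    listed = False
    for item in (parse_entry(e) for e in host_list.split(",") if e.strip()):
        if isinstance(item, str) or isinstance(addr, str):
            listed = listed or item == addr
        elif item[0].version == addr.version and item[0] <= addr <= item[1]:
            listed = True
    return listed if mode == "allow" else not listed
```

Calling `may_scan("192.168.15.30", SAMPLE, "allow")` returns `False` because the address falls between the listed range and the listed network, which is the kind of gap a whitelist review should surface.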