Read-only User
-
Hi,
is it possible to create a user that can read everything but not change anything? For Security audits for example.I've already read this
https://forum.pfsense.org/index.php?topic=28795.0#lastPostshould now be possible according to documentation
https://doc.pfsense.org/index.php/2.1_New_Features_and_ChangesI can't find further info's to this.
I'm using version 2.3.2-RELEASE (amd64)
built on Tue Jul 19 12:44:43 CDT 2016
FreeBSD 10.3-RELEASE-p5 -
should now be possible according to documentation
https://doc.pfsense.org/index.php/2.1_New_Features_and_ChangesYou may mean this: Read-only privilege to create a user that cannot modify config.xml
This does exactly what it's saying. Users with read-only privilege cannot modify the config.
Only users who are member of admins group are permitted to change the config.I've played around with such a user a short time ago and I've experienced that such a user may stop and restart services though, kick out vpn users and whatever, but even not change the configuration file. So if you don't want to allow these, only assign pages to that user in "Effective Privileges" on which one he can do nothing like that.
-
Hello, I created a User with only two rights Dashboard(all) and Firewall:Rules (Screenshot) no groups
But he is still able to change the config.xml in this case he can activate or delete rules of the Firewall. And the changes are written down to the config.
Is there a change to create a True Read-Only User? Or is this a bug?
-
You mean like User - Config: Deny Config Write at the very top of the privs list?
-
Oh yes! so stupid absolutely my fault sorry :-\
Thank you!!