Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Alternate admin user partial permissions

    Scheduled Pinned Locked Moved webGUI
    4 Posts 2 Posters 469 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rb_it_pf
      last edited by rb_it_pf

      Problem: I have created two additional local pfSense users and assigned them to the default 'admin' group. Signing into either of these users, I am unable to define LDAP servers, or import certs. The GUI allows me to navigate to these pages and start plugging the settings, but the page forms aren't submitting/saving.

      The only user that seems to be able to do anything is the default admin, which I would like to disable in place of these new, alternate admin users.

      I am running pfSense 2.4.4-RELEASE-p3 (amd64) on a Netgate XG-2758. I am also observing the following on another unit, Netgate SG-4860.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Which groups specifically are these users a member of?
        Did you edit those groups yourself?

        If they cannot save settings, somehow they likely have the Deny Config Write privilege selected. The usual way that happens is when an admin accidentally does a select-all on the privilege list without considering what's actually in the list.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • R
          rb_it_pf
          last edited by

          Thanks Jim. These alternate users are only members of the default 'admin' group with the scope of 'system'.
          The current Assigned Privilege for this group is: WebCfg - All pages. Security Notice: users in this group efectively have administrator-level access.

          You are likely right about the action 'The usual way that happens is when an admin accidentally does a select-all on the privilege list without considering what's actually in the list.' I think that I had messed with the privileges at some point. Is there a way to return this default group's privileges to default?

          Thanks.

          1 Reply Last reply Reply Quote 0
          • R
            rb_it_pf
            last edited by

            Hi Jim,
            Applying this patch fixed the issue: https://github.com/pfsense/pfsense/commit/b9ed452dbba4689e6280efa7f503e30809a3d8e4.patch
            Thanks.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.