Specific access to user manager



  • Hi,

    Is there a way to only give some abilities on the user manager? I need that some people manage access to the captive portal but don't want that they get full access on the user manager, giving them the possibility to add administrator people, …

    I know I can also use RADIUS for this but I don't like the idea.

    why did you remove the user manager specific to the captive portal? It was a good solution for this case.


  • Rebel Alliance Developer Netgate

    I still see user manager options for captive portal pages.

    I show 8 different pages that can be set independently:

    WebCfg - Services: Captive Portal page
    WebCfg - Services: Captive Portal: Allowed IPs page
    WebCfg - Services: Captive Portal: Edit allowed IPs page
    WebCfg - Services: Captive Portal: Edit MAC addresses page
    WebCfg - Services: Captive Portal: File Manager page
    WebCfg - Services: Captive Portal: MAC addresses page
    WebCfg - Services: Captive Portal: Voucher Rolls page
    WebCfg - Services: Captive Portal: Vouchers page



  • I think he means giving people access to creating captive portal users, but not creating other users.


  • Rebel Alliance Developer Netgate

    Ah… yeah I could see something like that eventually with some kind of a "Group manger" delegation, where a "group manager" can create or edit users within his group (but not other "group managers").

    Not sure anything like that is designed into the current layout. May have to wait for after 2.0.



  • I also just remembered that there doesn't seem to be a way to create a user that does NOT have permissions to log into the captive portal.  Should there be a permission setting for captive portal and a group that gets created for it, to be assigned to captive portal users?

    I was going to suggest bringing back the captive portal users page, but I like that idea of a group manager permission.  It could also just be another permission in the list, with group manager permissions being shown for each group in the list of available permissions.



  • Both idea will be great in my case. The second one is more flexible but the first one fit also my needs, …

    If nobody implement this, I will need to create my own add-in for this and I didn't understand exactly how to do it actually, ... Is there a documentation regarding the development of packages compatible with pfsense 2.0 (that add for example a right to a specific page that you can add to users on the right manager).

    Is there a need to create a bug report for this or someone already did it?



  • If you need it you can push it through the support portal to be implemented.
    Otherwise for now there is no plan to do so.



  • You could create a feature request on http://redmine.pfsense.org/ if you want to make sure it isn't forgotten.  Just don't set a target version for now.


Locked