Remove menu items and tabs from Web GUI



  • Hi all,

    Is there an easy way I can remove/hide menu items and particular tabs from the Web GUI?

    I have searched but was unable to unearth anything useful.

    Thanks

    James.



  • Did you tried to create another user and restrict It's access with permission?



  • I've not tried that yet as I was hoping to make the change global and effective for every user.



  • you can apply this restriction to a group and then associate users to this group.



  • Just tested that but the restricted items are still displayed on the menu.



  • displayed but not accessible


  • Rebel Alliance Developer Netgate

    I'll just leave this here…
    http://redmine.pfsense.org/issues/773



  • I created a restricted user with access to only a few menus and then added that code to line 229 of fbegin.inc

    When I login as the restricted user, I still see all the menus that I don;t have access to  ???


  • Rebel Alliance Developer Netgate

    I mainly meant that it's an open feature request so it's a known issue. I'm not sure how proper the fix there there.



  • Ah ok, thanks Jim  :)



  • @marcelloc:

    displayed but not accessible

    Hi,

    I'm trying to restrict access to page-interfaces: Bridge page and Bridge Edit page for all users including admin. I've tried doing this by editing the XML config for the 'Admins' group as follows:

    • <system><optimization>normal</optimization>
        <hostname>pfsense</hostname>
        <domain>localdomain</domain>
    • <group><name>admins</name>
    • <description>-   ]]></description>
        <scope>system</scope>
        <gid>1999</gid>
        <member>0</member>
        <priv>user-copy-files</priv>
        <priv>user-ipsec-xauth-dialin</priv>
        <priv>user-l2tp-dialin</priv>
        <priv>user-pppoe-dialin</priv>
        <priv>user-pptp-dialin</priv>
        <priv>user-shell-access</priv>
        <priv>user-ssh-tunnel</priv>
        <priv>page-dashboard-all</priv>
        <priv>page-dashboard-widgets</priv>
        <priv>page-diag-system-activity</priv>
        <priv>page-diagnostics-arptable</priv>
        <priv>page-diagnostics-authentication</priv>
        <priv>page-diagnostics-backup/restore</priv>
        <priv>page-diagnostics-command</priv>
        <priv>page-diagnostics-configurationhistory</priv>
        <priv>page-diagnostics-cpuutilization</priv>
        <priv>page-diagnostics-crash-reporter</priv>
        <priv>page-diagnostics-edit</priv>
        <priv>page-diagnostics-factorydefaults</priv>
        <priv>page-diagnostics-haltsystem</priv>
        <priv>page-diagnostics-interfacetraffic</priv>
        <priv>page-diagnostics-logs-dhcp</priv>
        <priv>page-diagnostics-logs-firewall</priv>
        <priv>page-diagnostics-logs-pptpvpn</priv>
        <priv>page-diagnostics-logs-settings</priv>
        <priv>page-diagnostics-logs-system</priv>
        <priv>page-diagnostics-nanobsd</priv>
        <priv>page-diagnostics-packetcapture</priv>
        <priv>page-diagnostics-patters</priv>
        <priv>page-diagnostics-ping</priv>
        <priv>page-diagnostics-rebootsystem</priv>
        <priv>page-diagnostics-resetstate</priv>
        <priv>page-diagnostics-restart-httpd</priv>
        <priv>page-diagnostics-routingtables</priv>
        <priv>page-diagnostics-showstates</priv>
        <priv>page-diagnostics-statessummary</priv>
        <priv>page-diagnostics-tables</priv>
        <priv>page-diagnostics-traceroute</priv>
        <priv>page-diagnostics-wirelessstatus</priv>
        <priv>page-firewall-alias-edit</priv>
        <priv>page-firewall-alias-import</priv>
        <priv>page-firewall-aliases</priv>
        <priv>page-firewall-nat-1-1</priv>
        <priv>page-firewall-nat-1-1-edit</priv>
        <priv>page-firewall-nat-outbound</priv>
        <priv>page-firewall-nat-outbound-edit</priv>
        <priv>page-firewall-nat-portforward</priv>
        <priv>page-firewall-nat-portforward-edit</priv>
        <priv>page-firewall-rules</priv>
        <priv>page-firewall-rules-edit</priv>
        <priv>page-firewall-schedules</priv>
        <priv>page-firewall-schedules-edit</priv>
        <priv>page-firewall-trafficshaper</priv>
        <priv>page-firewall-trafficshaper-layer7</priv>
        <priv>page-firewall-trafficshaper-limiter</priv>
        <priv>page-firewall-trafficshaper-queues</priv>
        <priv>page-firewall-trafficshaper-wizard</priv>
        <priv>page-firewall-virtualipaddress-edit</priv>
        <priv>page-firewall-virtualipaddresses</priv>
        <priv>page-getserviceproviders</priv>
        <priv>page-getstats</priv>
        <priv>page-hidden-detailedstatus</priv>
        <priv>page-hidden-execraw</priv>
        <priv>page-hidden-nolongerincluded</priv>
        <priv>page-hidden-uploadconfiguration</priv>
        <priv>page-interfaces</priv>
        <priv>page-interfaces-assignnetworkports</priv>
        <priv>page-interfaces-gif</priv>
        <priv>page-interfaces-gif-edit</priv>
        <priv>page-interfaces-gre</priv>
        <priv>page-interfaces-gre-edit</priv>
        <priv>page-interfaces-groups</priv>
        <priv>page-interfaces-ppps</priv>
        <priv>page-interfaces-ppps-edit</priv>
        <priv>page-interfaces-wireless</priv>
        <priv>page-interfaces-wireless-edit</priv>
        <priv>page-interfacess-groups</priv>
        <priv>page-interfacess-lagg</priv>
        <priv>page-interfacess-qinq</priv>
        <priv>page-ipsecxml</priv>
        <priv>page-loadbalancer-pool</priv>
        <priv>page-loadbalancer-pool-edit</priv>
        <priv>page-loadbalancer-virtualserver-edit</priv>
        <priv>page-openvpn-client</priv>
        <priv>page-openvpn-csc</priv>
        <priv>page-openvpn-server</priv>
        <priv>page-package-edit</priv>
        <priv>page-package-settings</priv>
        <priv>page-pfsensewizardsubsystem</priv>
        <priv>page-pkg-mgr-settings</priv>
        <priv>page-requiredforjavascript</priv>
        <priv>page-services-captiveportal</priv>
        <priv>page-services-captiveportal-allowedhostnames</priv>
        <priv>page-services-captiveportal-allowedips</priv>
        <priv>page-services-captiveportal-editallowedhostnames</priv>
        <priv>page-services-captiveportal-editallowedips</priv>
        <priv>page-services-captiveportal-editmacaddresses</priv>
        <priv>page-services-captiveportal-filemanager</priv>
        <priv>page-services-captiveportal-macaddresses</priv>
        <priv>page-services-captiveportal-voucher-edit</priv>
        <priv>page-services-captiveportal-vouchers</priv>
        <priv>page-services-dnsforwarder</priv>
        <priv>page-services-dnsforwarder-editdomainoverride</priv>
        <priv>page-services-dnsforwarder-edithost</priv>
        <priv>page-services-dynamicdnsclient</priv>
        <priv>page-services-dynamicdnsclients</priv>
        <priv>page-services-igmpproxy</priv>
        <priv>page-services-loadbalancer-monitor</priv>
        <priv>page-services-loadbalancer-monitor-edit</priv>
        <priv>page-services-loadbalancer-relay-action</priv>
        <priv>page-services-loadbalancer-relay-action-edit</priv>
        <priv>page-services-loadbalancer-relay-protocol</priv>
        <priv>page-services-loadbalancer-relay-protocol-edit</priv>
        <priv>page-services-loadbalancer-virtualservers</priv>
        <priv>page-services-pppoeserver</priv>
        <priv>page-services-pppoeserver-eidt</priv>
        <priv>page-services-rfc2136clients</priv>
        <priv>page-services-snmp</priv>
        <priv>page-services-wakeonlan</priv>
        <priv>page-services-wakeonlan-edit</priv>
        <priv>page-status-captiveportal</priv>
        <priv>page-status-captiveportal-test</priv>
        <priv>page-status-captiveportal-voucher-rolls</priv>
        <priv>page-status-captiveportal-vouchers</priv>
        <priv>page-status-carp</priv>
        <priv>page-status-cpuload</priv>
        <priv>page-status-dhcpleases</priv>
        <priv>page-status-filterreloadstatus</priv>
        <priv>page-status-gatewaygroups</priv>
        <priv>page-status-gateways</priv>
        <priv>page-status-interfaces</priv>
        <priv>page-status-ipsec</priv>
        <priv>page-status-ipsec-sad</priv>
        <priv>page-status-ipsec-spd</priv>
        <priv>page-status-loadbalancer-pool</priv>
        <priv>page-status-loadbalancer-virtualserver</priv>
        <priv>page-status-openvpn</priv>
        <priv>page-status-packagelogs</priv>
        <priv>page-status-rrdgraph-settings</priv>
        <priv>page-status-rrdgraphs</priv>
        <priv>page-status-services</priv>
        <priv>page-status-systemlogs-ipsecvpn</priv>
        <priv>page-status-systemlogs-loadbalancer</priv>
        <priv>page-status-systemlogs-openntpd</priv>
        <priv>page-status-systemlogs-openvpn</priv>
        <priv>page-status-systemlogs-portalauth</priv>
        <priv>page-status-systemlogs-ppp</priv>
        <priv>page-status-trafficgraph</priv>
        <priv>page-status-trafficshaper-queues</priv>
        <priv>page-status-upnpstatus</priv>
        <priv>page-system-advanced-admin</priv>
        <priv>page-system-advanced-firewall</priv>
        <priv>page-system-advanced-misc</priv>
        <priv>page-system-advanced-network</priv>
        <priv>page-system-advanced-notifications</priv>
        <priv>page-system-advanced-sysctl</priv>
        <priv>page-system-authservers</priv>
        <priv>page-system-camanager</priv>
        <priv>page-system-certmanager</priv>
        <priv>page-system-crlmanager</priv>
        <priv>page-system-firmware-autoupdate</priv>
        <priv>page-system-firmware-checkforupdate</priv>
        <priv>page-system-firmware-manualupdate</priv>
        <priv>page-system-firmware-settings</priv>
        <priv>page-system-gatewaygroups</priv>
        <priv>page-system-gateways</priv>
        <priv>page-system-gateways-editgateway</priv>
        <priv>page-system-gateways-editgatewaygroups</priv>
        <priv>page-system-generalsetup</priv>
        <priv>page-system-groupmanager</priv>
        <priv>page-system-groupmanager-addprivs</priv>
        <priv>page-system-license</priv>
        <priv>page-system-login/logout</priv>
        <priv>page-system-packagemanager</priv>
        <priv>page-system-packagemanager-installed</priv>
        <priv>page-system-packagemanager-installpackage</priv>
        <priv>page-system-staticroutes</priv>
        <priv>page-system-staticroutes-editroute</priv>
        <priv>page-system-usermanager</priv>
        <priv>page-system-usermanager-addprivs</priv>
        <priv>page-system-usermanager-passwordmg</priv>
        <priv>page-system-usermanager-settings</priv>
        <priv>page-system-usermanager-settings-testldap</priv>
        <priv>page-upload_progress</priv>
        <priv>page-vpn-ipsec</priv>
        <priv>page-vpn-ipsec-editkeys</priv>
        <priv>page-vpn-ipsec-editphase1</priv>
        <priv>page-vpn-ipsec-editphase2</priv>
        <priv>page-vpn-ipsec-listkeys</priv>
        <priv>page-vpn-ipsec-mobile</priv>
        <priv>page-vpn-vpnl2tp</priv>
        <priv>page-vpn-vpnl2tp-users</priv>
        <priv>page-vpn-vpnl2tp-users-edit</priv>
        <priv>page-vpn-vpnpptp</priv>
        <priv>page-vpn-vpnpptp-user-edit</priv>
        <priv>page-vpn-vpnpptp-users</priv>
        <priv>page-xmlrpcinterfacestats</priv>
        <priv>page-xmlrpclibrary</priv></group>

    When I reload the config the group seems to correctly reflect the new privaleges above, missing the Bridge pages (plus a few others I removed), but the pages are still accessable and I can still Bridge interfaces. Have I done something silly?

    Thanks very much in advance!

    M.</system>



  • @martinjsaunders:

    When I reload the config the group seems to correctly reflect the new privaleges above, missing the Bridge pages (plus a few others I removed), but the pages are still accessable and I can still Bridge interfaces. Have I done something silly?

    Thanks very much in advance!

    M.

    To answer my own question, if I add a new users in the group Admins it inherits the correct permissions. This is fine but I'd rather disable admin for Bridging as well, is the admin user inheriting it's permissions from somwhere else as well?


Log in to reply