Remove menu items and tabs from Web GUI
-
I've not tried that yet as I was hoping to make the change global and effective for every user.
-
you can apply this restriction to a group and then associate users to this group.
-
Just tested that but the restricted items are still displayed on the menu.
-
displayed but not accessible
-
I'll just leave this here…
http://redmine.pfsense.org/issues/773 -
I created a restricted user with access to only a few menus and then added that code to line 229 of fbegin.inc
When I login as the restricted user, I still see all the menus that I don;t have access to ???
-
I mainly meant that it's an open feature request so it's a known issue. I'm not sure how proper the fix there there.
-
Ah ok, thanks Jim :)
-
displayed but not accessible
Hi,
I'm trying to restrict access to page-interfaces: Bridge page and Bridge Edit page for all users including admin. I've tried doing this by editing the XML config for the 'Admins' group as follows:
- <system><optimization>normal</optimization>
<hostname>pfsense</hostname>
<domain>localdomain</domain> - <group><name>admins</name>
- <description>- ]]></description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>user-copy-files</priv>
<priv>user-ipsec-xauth-dialin</priv>
<priv>user-l2tp-dialin</priv>
<priv>user-pppoe-dialin</priv>
<priv>user-pptp-dialin</priv>
<priv>user-shell-access</priv>
<priv>user-ssh-tunnel</priv>
<priv>page-dashboard-all</priv>
<priv>page-dashboard-widgets</priv>
<priv>page-diag-system-activity</priv>
<priv>page-diagnostics-arptable</priv>
<priv>page-diagnostics-authentication</priv>
<priv>page-diagnostics-backup/restore</priv>
<priv>page-diagnostics-command</priv>
<priv>page-diagnostics-configurationhistory</priv>
<priv>page-diagnostics-cpuutilization</priv>
<priv>page-diagnostics-crash-reporter</priv>
<priv>page-diagnostics-edit</priv>
<priv>page-diagnostics-factorydefaults</priv>
<priv>page-diagnostics-haltsystem</priv>
<priv>page-diagnostics-interfacetraffic</priv>
<priv>page-diagnostics-logs-dhcp</priv>
<priv>page-diagnostics-logs-firewall</priv>
<priv>page-diagnostics-logs-pptpvpn</priv>
<priv>page-diagnostics-logs-settings</priv>
<priv>page-diagnostics-logs-system</priv>
<priv>page-diagnostics-nanobsd</priv>
<priv>page-diagnostics-packetcapture</priv>
<priv>page-diagnostics-patters</priv>
<priv>page-diagnostics-ping</priv>
<priv>page-diagnostics-rebootsystem</priv>
<priv>page-diagnostics-resetstate</priv>
<priv>page-diagnostics-restart-httpd</priv>
<priv>page-diagnostics-routingtables</priv>
<priv>page-diagnostics-showstates</priv>
<priv>page-diagnostics-statessummary</priv>
<priv>page-diagnostics-tables</priv>
<priv>page-diagnostics-traceroute</priv>
<priv>page-diagnostics-wirelessstatus</priv>
<priv>page-firewall-alias-edit</priv>
<priv>page-firewall-alias-import</priv>
<priv>page-firewall-aliases</priv>
<priv>page-firewall-nat-1-1</priv>
<priv>page-firewall-nat-1-1-edit</priv>
<priv>page-firewall-nat-outbound</priv>
<priv>page-firewall-nat-outbound-edit</priv>
<priv>page-firewall-nat-portforward</priv>
<priv>page-firewall-nat-portforward-edit</priv>
<priv>page-firewall-rules</priv>
<priv>page-firewall-rules-edit</priv>
<priv>page-firewall-schedules</priv>
<priv>page-firewall-schedules-edit</priv>
<priv>page-firewall-trafficshaper</priv>
<priv>page-firewall-trafficshaper-layer7</priv>
<priv>page-firewall-trafficshaper-limiter</priv>
<priv>page-firewall-trafficshaper-queues</priv>
<priv>page-firewall-trafficshaper-wizard</priv>
<priv>page-firewall-virtualipaddress-edit</priv>
<priv>page-firewall-virtualipaddresses</priv>
<priv>page-getserviceproviders</priv>
<priv>page-getstats</priv>
<priv>page-hidden-detailedstatus</priv>
<priv>page-hidden-execraw</priv>
<priv>page-hidden-nolongerincluded</priv>
<priv>page-hidden-uploadconfiguration</priv>
<priv>page-interfaces</priv>
<priv>page-interfaces-assignnetworkports</priv>
<priv>page-interfaces-gif</priv>
<priv>page-interfaces-gif-edit</priv>
<priv>page-interfaces-gre</priv>
<priv>page-interfaces-gre-edit</priv>
<priv>page-interfaces-groups</priv>
<priv>page-interfaces-ppps</priv>
<priv>page-interfaces-ppps-edit</priv>
<priv>page-interfaces-wireless</priv>
<priv>page-interfaces-wireless-edit</priv>
<priv>page-interfacess-groups</priv>
<priv>page-interfacess-lagg</priv>
<priv>page-interfacess-qinq</priv>
<priv>page-ipsecxml</priv>
<priv>page-loadbalancer-pool</priv>
<priv>page-loadbalancer-pool-edit</priv>
<priv>page-loadbalancer-virtualserver-edit</priv>
<priv>page-openvpn-client</priv>
<priv>page-openvpn-csc</priv>
<priv>page-openvpn-server</priv>
<priv>page-package-edit</priv>
<priv>page-package-settings</priv>
<priv>page-pfsensewizardsubsystem</priv>
<priv>page-pkg-mgr-settings</priv>
<priv>page-requiredforjavascript</priv>
<priv>page-services-captiveportal</priv>
<priv>page-services-captiveportal-allowedhostnames</priv>
<priv>page-services-captiveportal-allowedips</priv>
<priv>page-services-captiveportal-editallowedhostnames</priv>
<priv>page-services-captiveportal-editallowedips</priv>
<priv>page-services-captiveportal-editmacaddresses</priv>
<priv>page-services-captiveportal-filemanager</priv>
<priv>page-services-captiveportal-macaddresses</priv>
<priv>page-services-captiveportal-voucher-edit</priv>
<priv>page-services-captiveportal-vouchers</priv>
<priv>page-services-dnsforwarder</priv>
<priv>page-services-dnsforwarder-editdomainoverride</priv>
<priv>page-services-dnsforwarder-edithost</priv>
<priv>page-services-dynamicdnsclient</priv>
<priv>page-services-dynamicdnsclients</priv>
<priv>page-services-igmpproxy</priv>
<priv>page-services-loadbalancer-monitor</priv>
<priv>page-services-loadbalancer-monitor-edit</priv>
<priv>page-services-loadbalancer-relay-action</priv>
<priv>page-services-loadbalancer-relay-action-edit</priv>
<priv>page-services-loadbalancer-relay-protocol</priv>
<priv>page-services-loadbalancer-relay-protocol-edit</priv>
<priv>page-services-loadbalancer-virtualservers</priv>
<priv>page-services-pppoeserver</priv>
<priv>page-services-pppoeserver-eidt</priv>
<priv>page-services-rfc2136clients</priv>
<priv>page-services-snmp</priv>
<priv>page-services-wakeonlan</priv>
<priv>page-services-wakeonlan-edit</priv>
<priv>page-status-captiveportal</priv>
<priv>page-status-captiveportal-test</priv>
<priv>page-status-captiveportal-voucher-rolls</priv>
<priv>page-status-captiveportal-vouchers</priv>
<priv>page-status-carp</priv>
<priv>page-status-cpuload</priv>
<priv>page-status-dhcpleases</priv>
<priv>page-status-filterreloadstatus</priv>
<priv>page-status-gatewaygroups</priv>
<priv>page-status-gateways</priv>
<priv>page-status-interfaces</priv>
<priv>page-status-ipsec</priv>
<priv>page-status-ipsec-sad</priv>
<priv>page-status-ipsec-spd</priv>
<priv>page-status-loadbalancer-pool</priv>
<priv>page-status-loadbalancer-virtualserver</priv>
<priv>page-status-openvpn</priv>
<priv>page-status-packagelogs</priv>
<priv>page-status-rrdgraph-settings</priv>
<priv>page-status-rrdgraphs</priv>
<priv>page-status-services</priv>
<priv>page-status-systemlogs-ipsecvpn</priv>
<priv>page-status-systemlogs-loadbalancer</priv>
<priv>page-status-systemlogs-openntpd</priv>
<priv>page-status-systemlogs-openvpn</priv>
<priv>page-status-systemlogs-portalauth</priv>
<priv>page-status-systemlogs-ppp</priv>
<priv>page-status-trafficgraph</priv>
<priv>page-status-trafficshaper-queues</priv>
<priv>page-status-upnpstatus</priv>
<priv>page-system-advanced-admin</priv>
<priv>page-system-advanced-firewall</priv>
<priv>page-system-advanced-misc</priv>
<priv>page-system-advanced-network</priv>
<priv>page-system-advanced-notifications</priv>
<priv>page-system-advanced-sysctl</priv>
<priv>page-system-authservers</priv>
<priv>page-system-camanager</priv>
<priv>page-system-certmanager</priv>
<priv>page-system-crlmanager</priv>
<priv>page-system-firmware-autoupdate</priv>
<priv>page-system-firmware-checkforupdate</priv>
<priv>page-system-firmware-manualupdate</priv>
<priv>page-system-firmware-settings</priv>
<priv>page-system-gatewaygroups</priv>
<priv>page-system-gateways</priv>
<priv>page-system-gateways-editgateway</priv>
<priv>page-system-gateways-editgatewaygroups</priv>
<priv>page-system-generalsetup</priv>
<priv>page-system-groupmanager</priv>
<priv>page-system-groupmanager-addprivs</priv>
<priv>page-system-license</priv>
<priv>page-system-login/logout</priv>
<priv>page-system-packagemanager</priv>
<priv>page-system-packagemanager-installed</priv>
<priv>page-system-packagemanager-installpackage</priv>
<priv>page-system-staticroutes</priv>
<priv>page-system-staticroutes-editroute</priv>
<priv>page-system-usermanager</priv>
<priv>page-system-usermanager-addprivs</priv>
<priv>page-system-usermanager-passwordmg</priv>
<priv>page-system-usermanager-settings</priv>
<priv>page-system-usermanager-settings-testldap</priv>
<priv>page-upload_progress</priv>
<priv>page-vpn-ipsec</priv>
<priv>page-vpn-ipsec-editkeys</priv>
<priv>page-vpn-ipsec-editphase1</priv>
<priv>page-vpn-ipsec-editphase2</priv>
<priv>page-vpn-ipsec-listkeys</priv>
<priv>page-vpn-ipsec-mobile</priv>
<priv>page-vpn-vpnl2tp</priv>
<priv>page-vpn-vpnl2tp-users</priv>
<priv>page-vpn-vpnl2tp-users-edit</priv>
<priv>page-vpn-vpnpptp</priv>
<priv>page-vpn-vpnpptp-user-edit</priv>
<priv>page-vpn-vpnpptp-users</priv>
<priv>page-xmlrpcinterfacestats</priv>
<priv>page-xmlrpclibrary</priv></group>
When I reload the config the group seems to correctly reflect the new privaleges above, missing the Bridge pages (plus a few others I removed), but the pages are still accessable and I can still Bridge interfaces. Have I done something silly?
Thanks very much in advance!
M.</system>
- <system><optimization>normal</optimization>
-
When I reload the config the group seems to correctly reflect the new privaleges above, missing the Bridge pages (plus a few others I removed), but the pages are still accessable and I can still Bridge interfaces. Have I done something silly?
Thanks very much in advance!
M.
To answer my own question, if I add a new users in the group Admins it inherits the correct permissions. This is fine but I'd rather disable admin for Bridging as well, is the admin user inheriting it's permissions from somwhere else as well?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.