Local user Effective System Privileges problem….

  • Hi Developers,

    I have deployed pfsense on 3 different remote sites and at each site a user account i.e. “acct” with effective system privileges to create users and groups, change password and check captive portal status is created. No other system privilege is given to the “acct” user. This “acct” user is maintaining the pfsense local database of user accounts for captive portal authentication to allow access to the Internet. There are more than 100 user accounts in each pfsense server at each location.

    Sometimes at any of the 3 sites, the “acct” user assigns unnecessary effective system privileges to a user account (maybe by mistake) and that privileged user later on changes the settings of pfsense, like allowing banned sites or disabling the captive portal page on LAN so that users can use the Internet without filtering etc.

    This halts the working of pfsense at that remote site and I have to edit every user's account to check and remove unnecessary effective system privileges assigned to that user account.

    Is it possible that the “acct” user can be given rights only to create users and groups and assign only one effective system privilege to users, i.e. to change their password only, and that the “acct” user can't assign any other effective system privileges to the users?

    Or is there a way to check and see effective system privileges to a user without editing every user account?

    I have a suggestion….

    On the page -> System: User Manager: Add Privileges, every system privilege must be assigned a unique number (1,2,3,...), i.e. system privilege "WebCfg - System: User Password Manager page" is assigned the number 10.

    On the page -> System: User Manager - User, there are four columns: Username - Fullname - Disabled - Groups. Add a new 5th column there named "Effective system privileges" which shows the numbers of the privileges that are assigned to a user. So by just looking at the numbers in the effective system privileges column one can see what kind of privileges are assigned to which user.

    This will be a great help.

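For the question above about seeing every user's effective privileges without opening each account, one option is to audit a configuration backup offline. The following is an added example, not part of the original post and not pfSense code. It assumes that users and groups sit under `<system>` in config.xml as `<user>` and `<group>` elements with `<priv>` children and that groups list members by uid; the privilege identifiers and the sample document are constructed, so check them against your own backup.

```python
import xml.etree.ElementTree as ET

# Assumption: the only privilege a captive portal user should hold.
ALLOWED = {"page-system-usermanager-passwordmg"}

# Constructed sample in the assumed config.xml layout (not a real backup).
SAMPLE = """<pfsense><system>
  <group><name>admins</name><gid>1999</gid><member>0</member><priv>page-all</priv></group>
  <group><name>portal</name><gid>2000</gid><member>2001</member><member>2002</member>
    <priv>page-system-usermanager-passwordmg</priv></group>
  <group><name>helpdesk</name><gid>2001</gid><member>2002</member>
    <priv>page-status-captiveportal</priv></group>
  <user><name>admin</name><uid>0</uid></user>
  <user><name>alice</name><uid>2001</uid></user>
  <user><name>bob</name><uid>2002</uid><priv>page-services-captiveportal</priv></user>
</system></pfsense>"""

def effective_privileges(xml_text):
    """Return {username: set of privileges held directly or through groups}."""
    system = ET.fromstring(xml_text).find("system")
    if system is None:
        raise ValueError("no <system> section in config")
    group_privs = {}  # uid -> privileges inherited from group membership
    for group in system.findall("group"):
        privs = {p.text.strip() for p in group.findall("priv") if p.text}
        for member in group.findall("member"):
            if member.text:
                group_privs.setdefault(member.text.strip(), set()).update(privs)
    result = {}
    for user in system.findall("user"):
        name = user.findtext("name", default="").strip()
        uid = user.findtext("uid", default="").strip()
        direct = {p.text.strip() for p in user.findall("priv") if p.text}
        result[name] = direct | group_privs.get(uid, set())
    return result

def over_privileged(xml_text, allowed=ALLOWED, exempt=("admin",)):
    """Return {username: sorted privileges outside the allowed set}."""
    report = {}
    for name, privs in effective_privileges(xml_text).items():
        extra = privs - set(allowed)
        if extra and name not in exempt:
            report[name] = sorted(extra)
    return report

if __name__ == "__main__":
    for name, extra in sorted(over_privileged(SAMPLE).items()):
        print(f"{name}: {', '.join(extra)}")
```

Run against a backup from each site, the report lists only the accounts holding something beyond the allowed set, including privileges inherited through a group.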