Privileges by Groups of user



  • Hi Gurus
    I have a doubt
    Wel In my company exist differents areas, for example Account, Engineers, Operations & Mantaince, directors and managers
    So for example Account area have three user (3 IP's belongs to this area)
    Engineer have Four user, so these area have 4 IP address
    Operations & Mantaince  have five user, This area has IP's address
    Directors and manager, five users (Five IP address)
    The need is to create groups

    For example Directors and Manager must be access to any pages (like youtube, Social Networks, Banks, etc)
    Operations & Mantaince Only must be acces to certain types of pages like hotmail. yahoo mail, gmail, and blocks social media (like facebook or twitters)
    Engineers must be access to hotmail, gmail and block youtube
    Account only must be acces to bank webs and block the rest of web

    Let me know if existe any module that I must be install to obtain the need lines above explain, Or any other suggestion how to manages this type of requeriments

    Best regard



  • Squid and SquidGuard are what you need.  Squid does the caching and SquidGuard does the filtering.  The tricky part is that a lot of sites are going HTTPS, which means you either need to force the use of Squid as a web proxy for al your client systems, or install SSL certificates created by pfSense on all client systems.



  • Hi KOM
    thanks for your suggestion. So let me know if with squidguard I can create group (like Account, Engenier, operation, Research and Development, VIP area, guest) and the permit web pages is by groups.

    For example, Operation can access to gmail.com
    Account only access to gmail and pages of banks
    Engineers, only access to gmail and pages of universities
    Research and Development access to any pages

    I think that the profile that you apply to squidguard apply to all user, So all users have the same profile



  • Well, Squid and SquidGuard are common FOSS packages for doing caching and filtering, so you could actually download those packages and try for yourself.  Or, you could use a search engine to read up on the documentation to get most of your answers.

    Yes, you can create custom groups.  No, there is not just one common profile/group.  Look into Group ACL.