Restricted user logging into webui does NOT defautl to dahsboard



  • EDIT: This has been found by, and described much better by, someone else, and is described in this thread:
    https://forum.pfsense.org/index.php?topic=70776.0
    basically, whatever right you assign last to a user through a group, that will be their start page.

    I need some help here - I have a user that is not allowed access to all secitons of the UI, but the ARE allowed access to the dashboard and widgets:
    WebCfg - Dashboard (all)
    WebCfg - Dashboard widgets (direct access)

    When this user logs in, under 2.1.4 they were taken to the Diagnostics: System Activity page, and I was troubleshooting that when 2.1.5 was released last week. 
    I rebuilt the firewall in 2.1.5 (form the image, I did NOT update the 2.1.4 instance), installed all packages I wanted, and restored a backup from 2.1.4.  Packages re-installed fine after that and everything is working, but now when the restricted user logs in, they are taken to Status: Sarg Reports.

    How do I force it so that when a user logs in, they are always taken to the dashboard?  When I login as admin, I am always taken to the dashboard, that's what I want for any other local users I create…perhaps I'm missing a permission?

    Below I've attached all the permissions granted to the restricted user:

    WebCfg - Diagnostics: System Activity Allows access to the 'Diagnostics: System Activity' page
    WebCfg - Diagnostics: Authentication page Allow access to the 'Diagnostics: Authentication' page.
    WebCfg - Diagnostics: CPU Utilization page Allow access to the 'Diagnostics: CPU Utilization' page.
    WebCfg - Diagnostics: Interface Traffic page Allow access to the 'Diagnostics: Interface Traffic' page.
    Diagnostics: Limiter Info Allows access to the 'Diagnostics: Limiter Info' page
    WebCfg - Diagnostics: Logs: Firewall page Allow access to the 'Diagnostics: Logs: Firewall' page.
    WebCfg - Diagnostics: Logs: Gateways page Allow access to the 'Diagnostics: Logs: System: Gateways' page.
    WebCfg - Diagnostics: Logs: VPN page Allow access to the 'Diagnostics: Logs: VPN' page.
    WebCfg - Diagnostics: Logs: Resolver page Allow access to the 'Diagnostics: Logs: System: Resolver' page.
    WebCfg - Diagnostics: Logs: Settings page Allow access to the 'Diagnostics: Logs: Settings' page.
    WebCfg - Diagnostics: Ping page Allow access to the 'Diagnostics: Ping' page.
    WebCfg - Diagnostics: Routing tables page Allow access to the 'Diagnostics: Routing tables' page.
    WebCfg - Diagnostics: Traceroute page Allow access to the 'Diagnostics: Traceroute' page.
    WebCfg - Firewall: Aliases page Allow access to the 'Firewall: Aliases' page.
    WebCfg - Firewall: NAT: 1:1 page Allow access to the 'Firewall: NAT: 1:1' page.
    Webcfg - Firewall: NAT: NPT page Allow access to the 'Firewall: NAT: NPT' page.
    WebCfg - Firewall: NAT: Outbound page Allow access to the 'Firewall: NAT: Outbound' page.
    WebCfg - Firewall: NAT: Port Forward page Allow access to the 'Firewall: NAT: Port Forward' page.
    WebCfg - Firewall: Rules page Allow access to the 'Firewall: Rules' page.
    WebCfg - Firewall: Virtual IP Addresses page Allow access to the 'Firewall: Virtual IP Addresses' page.
    WebCfg - Help pages Show all items on help menu
    WebCfg - OpenVPN: Client page Allow access to the 'OpenVPN: Client' page.
    WebCfg - OpenVPN: Client Specific Override page Allow access to the 'OpenVPN: Client Specific Override' page.
    WebCfg - OpenVPN: Server page Allow access to the 'OpenVPN: Server' page.
    WebCfg - Status: CPU load page Allow access to the 'Status: CPU load' page.
    WebCfg - Dashboard widgets (direct access). Allow direct access to all Dashboard widget pages, required for some widgets using AJAX.
    WebCfg - Status: Interfaces page Allow access to the 'Status: Interfaces' page.
    WebCfg - Status: IPsec page Allow access to the 'Status: IPsec' page.
    WebCfg - Status: OpenVPN page Allow access to the 'Status: OpenVPN' page.
    WebCfg - Status: RRD Graphs settings page Allow access to the 'Status: RRD Graphs: settings' page.
    WebCfg - Status: RRD Graphs page Allow access to the 'Status: RRD Graphs' page.
    WebCfg - Status: Traffic Graph page Allow access to the 'Status: Traffic Graph' page.
    WebCfg - Dashboard (all) Allow access to all pages required for the dashboard.
    WebCfg - Status: Sarg reports Allow access to sarg reports page. delete
    WebCfg - OpenVPN: Client Export Utility Allow access to the OpenVPN: Client Export Utility page.

    Any help would be greatly appreciated, thanks!

    UPDATE: I just found this in the log file:
    php: /index.php: client_admin@74.204.0.4 attempted to access /index.php but does not have access to that page. Redirecting to diag_system_activity.php.
    So, apparently none of the rights granted to the client_admin user give it the rights to view index.php? Not entirely certain what to make of this.



  • One additional piece of information - I just deleted and re-created the account, and now the user defaults to the Diagnostics: System Activity page again…. not sure how this works, obviously :)