How to effectively set user permissions in Gaia OS

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk94491
Technical Level
Product	Quantum Security Gateways, Quantum Security Management, Multi-Domain Security Management
Version	R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL), R80 (EOL), R80.10 (EOL), R80.20, R80.30
OS	Gaia
Platform / Model	All
Date Created	22-Aug-2013
Last Modified	02-Jun-2019

Solution

Table of Contents:

How to effectively set user permissions in Gaia OS
Setting expert mode access permissions in Gaia OS
Documentation

How to effectively set user permissions in Gaia OS

The Gaia operating system has a granular Role Based Administration (RBA) system.

Each administrator managing the Gaia OS should have his own user account. This user account should be assigned with a Gaia OS role, granting the appropriate permissions to Gaia OS features.

The Gaia pre-defined 'admin' account is assigned with the 'adminRole', which grants full permissions to all features. The 'admin' account should be used by the most privileged administrator since it has ultimate control over the machine.

There are several Gaia OS 'power features', which provide a user (who is permitted to use them via an assigned role) with a privilege level equivalent to that of 'adminRole'.

List of RBA 'power features':

Feature Name in Gaia Portal	Feature Name in Clish shell	Allowed actions
Users	`user`	Change default shell to `/bin/bash`
Roles	`rba`	Assign sensitive roles
Expert Mode	`expert`	Run the "`expert`" command
Expert Password	`expert-password`	Change the expert password
Expert Password Hash	`expert-password-hash`	Replace expert password hash
Authentication Servers	`aaa-servers`	Define an external authentication server
Job Scheduler	`cron`	Define a scheduled job
Extended Commands	`command`	Define a new Clish command
Display Configuration	`configuration`	Show, save and load Gaia OS configuration
Backup	`backup`	Create a backup and restore from a backup
Scheduled Backup	`scheduled_backup`	Define a scheduled backup
Snapshot	`snapshot`	Create a full backup (snapshot) and revert to a full backup (snapshot)
Manage Images	`manage-image`	Manage full backups (snapshots) - create, revert
Installation	`ftw`	Run First Time Configuration Wizard from Gaia Portal
System Groups	`group`	Assign users to groups
config_system	`ext_config_system`	Run First Time Configuration Wizard from Clish shell

Setting expert mode access permissions in Gaia OS

To effectively block Expert mode access to a user, create a role, which does not include any of features mentioned above and assign that role to the user.

Documentation

For further information on configuring Users and Roles in Gaia OS, refer to Gaia Administration Guide (R77 , R80.10 , R80.20 , R80.30) - Chapter 'User Management'.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating