SnapGear 2.0.1 User Manual
Page 166
System
162
Administration
A user with the administration access control is permitted to edit any configuration file on
the CyberGuard SG appliance. It should be given to trusted users who are permitted to
configure and reconfigure the unit.
Diagnostic
The diagnostic access control allows a user to view status reports, the technical support
report, the system log and other read only pages. No capability is granted to allow such
a user to edit any of the configuration on the CyberGuard SG appliance. This access
control can be granted to technical support users so they can attempt to diagnose but not
fix any problems which occur.
Encrypted save/restore all
A user with this access control can dump and restore the entire CyberGuard SG
appliance's configuration via the encrypted save and restore option on the Advanced
page. Such a user cannot edit the configuration nor even see the configuration files
themselves. This access control can be allocated to a technician whom you want to be
able to restore units to a known good configuration but to whom you do not wish to grant
full administration rights.
User settings
A user with this access control can edit users' login information, create new users and
modify access controls for other users. Without this access control, users can only
change their own passwords. Because this access control allows a user to edit their own
permissions, it is best left such that only the root user has it.
The root user is special. This user alone has one access control which cannot be
removed. The root user is always able to edit user settings and thus they can grant
themselves any access control if need be. The root user also has the capability to set
User ID and Group ID when editing or creating users. It is best to leave these fields
blank when creating a new user as this lets the CyberGuard SG appliance automatically
allocate and manage them.
If somebody with the user settings access control attempts to edit the root user (apart
from root themselves), they must enter the administrative password (i.e. the password for
the root account).