The Management Users page provides control over the users designated to administer the filter and/or access sensitive features such as VPN services. The default management user is called
root — this user can not be removed and has unlimited Web-management access, but can not be used for VPN and SSH access. Any number of additional users may be added with any combination of Web-management privileges, VPN access, and SSH access.
Checking this box grants the user access to PPTP and L2TP VPN services, if they are configured on the VPN page.
Checking this box grants unlimited Web-management access (like the
root user has). Due to the high level of visibility and control provided by SSH, enabling this option is also necessary to provide SSH access to a user.
Check Grant access to Web-management interface to allow a user to log in to the Web-management interface. This grants access to overview and documentation pages by default. Access to additional pages can be provided by selecting a page from the Available pages list and moving it to the Accessible pages list. Note that the Management Users page itself is restricted to those users with Super-user access .
Access to the Group Permissions page is special in that users can be restricted to managing only specific groups. To enable management access to all groups, including the ability to create, rename, and delete them, check Grant access to all groups . Otherwise, move the groups the user should have control over from the Available groups list to the Manageable groups list. These settings are only relevant to users with Group Permissions access.
OR, while filters of different types are combined by logical
AND. For example, if one Group filter is added for the
ms_studentsgroup, and another for the
hs_studentsgroup, the user in question will only be able to view reporting activity for those two groups. The user can not disable these filters, but they can restrict them to one of the two (or add filters of other types restricting the results further). Exclude filters can also be added, so that for example a user can be granted access to view activity for all users of a group except one. If the user provides filters that conflict with the administrator-provided ones, no results will be returned.
SSH provides command-line (console) access to the filter's operating system. This is a very powerful and potentially dangerous feature which should be used with extreme caution, as it exposes sensitive information (such as passwords) and the possibility to disrupt or damage the filter. To enable SSH access for a user, ensure that Super-user access is checked, check Grant SSH access , and then paste one or more public keys into the box below. Public keys may be provided in either OpenSSH or SSH2 (PuTTY) format.