Management Users - Cipafilter Documentation

Manual - Management Users

The Management Users page provides control over the users designated to administer the filter and/or access sensitive features such as VPN services.  The default management user is called root — this user can not be removed and has unlimited Web-management access, but can not be used for VPN and SSH access.  Any number of additional users may be added with any combination of Web-management privileges, VPN access, and SSH access.

Misc. Privileges

VPN access

Checking this box grants the user access to PPTP and L2TP VPN services, if they are configured on the VPN page.

Super-user access

Checking this box grants unlimited Web-management access (like the root user has).  Due to the high level of visibility and control provided by SSH, enabling this option is also necessary to provide SSH access to a user.

Web-Management Interface Privileges

Check Grant access to Web-management interface to allow a user to log in to the Web-management interface.  This grants access to overview and documentation pages by default.  Access to additional pages can be provided by selecting a page from the Available pages list and moving it to the Accessible pages list.  Note that the Management Users page itself is restricted to those users with Super-user access .

Group Permissions Group Privileges

Access to the Group Permissions page is special in that users can be restricted to managing only specific groups.  To enable management access to all groups, including the ability to create, rename, and delete them, check Grant access to all groups .  Otherwise, move the groups the user should have control over from the Available groups list to the Manageable groups list.  These settings are only relevant to users with Group Permissions access.

Reporting Filters

Access to the Web Reports feature can be restricted using overlay filters.  These "implicit" filters are  silently applied to all reports viewed by the user in the Web Reports system.  This allows administrators  to limit the viewing of reporting data to certain users or groups.  For example, a teacher may have access  to view student Web activity, but not the activity of other staff.

As on the Web Reports interface, multiple filters of the same type are combined by logical OR, while filters of different types are combined by logical AND.  For example, if one Group filter is added for the  ms_students group, and another for the hs_students group, the user in question will only be able to  view reporting activity for those two groups.  The user can not disable these filters, but they can restrict  them to one of the two (or add filters of other types restricting the results further).  Exclude filters can also  be added, so that for example a user can be granted access to view activity for all users of a group except  one.  If the user provides filters that conflict with the administrator-provided ones, no results will be  returned.

Currently, only Group and User overlay filters can be set from the interface.  Please note that autocomplete drop-downs are not affected by these filters (e.g., setting a Group filter does not prevent the  user from viewing the names of other groups).

SSH Privileges

SSH provides command-line (console) access to the filter's operating system.  This is a very powerful and potentially dangerous feature which should be used with extreme caution, as it exposes sensitive information (such as passwords) and the possibility to disrupt or damage the filter.  To enable SSH access for a user, ensure that Super-user access is checked, check Grant SSH access , and then paste one or more public keys into the box below. Public keys may be provided in either OpenSSH or SSH2 (PuTTY) format.


    • Related Articles

    • Manual

      This article provides links to the individual sections of the Cipafilter product manual.  A PDF of the Cipafilter product manual is attached to this article. Introduction Interface Conventions Installation Status Management Users Hot Spare ...
    • Manual - Group Permissions

      Permissions for groups of users are managed here. Each group has individual settings for the different filtering technologies available, as well as a separate whitelist and blacklist. On this page, you can also edit the global whitelist and blacklist ...
    • Manual - VPN

      End-User VPN Any user with the VPN access option checked on the Management Users page can access the local network via the Cipafilter's end-user (client-to-server) VPN services, if enabled.  The following protocols are supported: L2TP over IPsec ...
    • Manual - Installation

      In most cases you will want to consult with Cipafilter support to decide what way the router can best be installed to meet your needs.  A full over-the-phone consultation during installation is included in the standard one-year maintenance and ...
    • Manual - Customization

      The Customization page provides the ability to customize the appearance and functionality of the captive portal and reject (block) page. Although it is not required, all of the text fields on this page accept raw HTML.  Advanced users may wish to ...