Managing Roles
You can create, edit, and remove roles from the Administration→Roles page. On this page you can also list the members belonging to the selected role and where the role grants access to.
A role consists of:
-
Rules: Filters for specifying the members of the role.
-
Permissions: Allow specific management and viewing options.
-
SSH Options: Allow SSH options.
-
Contextual Restrictions: Restrict role validity by time and client address.
-
Principal Keys: Cryptographic keys that allow role members to connect using Public-Key Authentication.
For more information about granting access to target hosts, see Granting Access to Hosts.
Note
Role changes take effect within 1 - 5 minutes.
Settings pages in the GUI require both
view-
andmanage-
permissions. For example, a PrivX user needs roles-view
androles-manage
to access Administration→Roles.Before restricting the Allowed remote addresses, ensure that meaningful user addresses are included in the
X-Forwarded-For
header. If the header includes multiple addresses, select one of them by configuringstrip_how_many_x_forwarded_for_client_ips
in/opt/privx/etc/shared-config.toml
.
Updated 7 months ago