Managing Roles

You can create, edit, and remove roles from the Administration→Roles page. On this page you can also list the members belonging to the selected role and where the role grants access to.

A role consists of:

  • Rules: Filters for specifying the members of the role.

  • Permissions: Allow specific management and viewing options.

  • SSH Options: Allow SSH options.

  • Contextual Restrictions: Restrict role validity by time and client address.

  • Principal Keys: Cryptographic keys that allow role members to connect using Public-Key Authentication.

For more information about granting access to target hosts, see Granting Access to Hosts.

Role changes take effect within 1 - 5 minutes.

Settings pages in the GUI require both view- and manage- permissions. For example, a PrivX user needs roles-view and roles-manage to access Administration→Roles.

Before restricting the Allowed remote addresses, ensure that meaningful user addresses are included in the X-Forwarded-For header. If the header includes multiple addresses, select one of them by configuring strip_how_many_x_forwarded_for_client_ips in /opt/privx/etc/shared-config.toml.

Was this page helpful?