Managing Roles
You can create, edit, and remove roles from the Administration→Roles page. On this page you can also list the members of the selected role and see where the role grants access.
A role consists of:
Rules: Filters for specifying the members of the role.
Permissions: Allow specific management and viewing options.
SSH Options: Allow SSH options.
Contextual Restrictions: Restrict role validity by time and client address.
Principal Keys: Cryptographic keys that allow role members to connect using Public-Key Authentication.
For more information about granting access to target hosts, see Granting Access to Hosts.
Role changes take effect within 1 - 5 minutes.
Settings pages in the GUI require both view- and manage- permissions. For example, a PrivX user needs roles-view and roles-manage to access Administration→Roles.
Before restricting the Allowed remote addresses, ensure that meaningful user addresses are included in the X-Forwarded-For header. If the header includes multiple addresses, select one of them by configuring strip_how_many_x_forwarded_for_client_ips in /opt/privx/etc/shared-config.toml.
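The following added example (not PrivX code) shows why the selected X-Forwarded-For entry matters for an address restriction. It assumes the strip count removes entries from the right-hand, proxy-appended end of the header; confirm the actual semantics of strip_how_many_x_forwarded_for_client_ips in the PrivX documentation. The function names, header value and networks are constructed for illustration.

```python
import ipaddress

# Constructed header: the left-most entry was sent by the client itself and is
# untrusted; the edge load balancer appended the address it saw (198.51.100.7);
# an internal proxy then appended the load balancer's own address (192.0.2.10).
SAMPLE_XFF = "10.1.2.3, 198.51.100.7, 192.0.2.10"


def select_client_ip(xff_header, strip_count):
    """Return the entry left after dropping strip_count addresses from the
    right end of the header (assumed semantics), or None if unusable."""
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if strip_count < 0 or strip_count >= len(hops):
        return None
    try:
        return ipaddress.ip_address(hops[len(hops) - 1 - strip_count])
    except ValueError:
        return None


def is_allowed(xff_header, strip_count, allowed_networks):
    """Check the selected address against the allowed networks, failing
    closed when no valid address can be selected."""
    client = select_client_ip(xff_header, strip_count)
    if client is None:
        return False
    return any(client in ipaddress.ip_network(net) for net in allowed_networks)


if __name__ == "__main__":
    allowed = ["198.51.100.0/24"]  # constructed allowed remote address range
    for strip in (0, 1, 2):
        print(strip, select_client_ip(SAMPLE_XFF, strip),
              is_allowed(SAMPLE_XFF, strip, allowed))
```

With a strip count of 0 every user appears to come from the load balancer, and with too large a count the check uses a value the client supplied, so verify the selected address against a connection whose real source address you know before enabling the restriction.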