Managing Roles

You can create, edit, and remove roles from the ​Administration→Roles​​ page. On this page you can also list the members belonging to the selected role and where the role grants access to.

A role consists of:

• ​​Rules​​: Filters for specifying the members of the role.

• ​​Permissions​​: Allow specific management and viewing options.

• ​​SSH Options​​: Allow SSH options.

• ​​Contextual Restrictions​​: Restrict role validity by time and client address.

• Principal Keys: Cryptographic keys that allow role members to connect using Public-Key Authentication.

For more information about granting access to target hosts, see Granting Access to Hosts.

📘

Note

Role changes take effect within 1 - 5 minutes.

​Settings​ pages in the GUI require both ​view-​ and ​manage-​ permissions. For example, a PrivX user needs ​roles-view​ and ​roles-manage​ to access ​Administration→Roles​​.

Before restricting the ​Allowed remote addresses​​, ensure that meaningful user addresses are included in the ​X-Forwarded-For​ header. If the header includes multiple addresses, select one of them by configuring ​strip_how_many_x_forwarded_for_client_ips​ in ​/opt/privx/etc/shared-config.toml​​.