FastX Permissions Guide

Background

FastX adds the ability to fine tune permissions for user groups so in order to limit the actions a user is allowed to perform.  Permissions automatically disable or hide extra actions further removing abilities from the end user.  This gives the admin extra control in creating a product that fits the needs of the company.

Getting Started With Permissions

Permission Levels

The permission levels are as follows

Logged Out

A logged out user has not logged in yet.  There is little the user can do aside from log in.

Disabled

A user who has been explicitly disabled.

Limited User

A limited user can perform a subset of user level actions as defined by the administrator.  Actions include starting and interacting with sessions, creating bookmarks, viewing the users own user profile etc.

Full User

A full user can perform ALL the user level actions available to him.

Manager

A manager can perform a limited subset of manager actions.  Manager actions include interacting with sessions that the manager does not own, viewing server information, viewing user info etc.  

Admin 

Admins have full user permissions as well as full manager permissions.  Admins also have special access to the System section of the FastX Web Server which allows them to configure FastX.

Superadmin

A superadmin is the user who owns the FastX web server process.  This user always has admin permissions whether he is in the admin group or not.  In a standard setup, the superadmin is a user named fastx.  This user does not have a login shell by default.

Enabling Permissions

Permissions are defined by the Linux User Groups of the user.  By default special permissions (ie, manager and limited user) are turned off.  

In order to enable permissions

  1. Click on the System Menu
  2. Select Users > Permissions
  3. Check Enable Manager Permissions to enable managers
  4. Save the settings
  1. Check Enable User Permissions to enable limited users

Differences From Earlier Versions

  1. In previous versions of FastX Limited Users and Managers did not exist.  A Logged In user was either a Full User, an Admin, or the Superadmin.
    1. For backwards compatibility, the default installation disables fine tuned permissions making it equivalent to 3.0 and earlier versions
  2. Admins are now defined as users or linux groups. 

Limited User Permissions

Once you have defined your user groups, the next step is to restrict permissions for any user who is not an admin or who is not in a Full User Group.  Click on the Limited User Permissions tab and uncheck any permission you want to disallow.  Then Save.  

Manager Permissions

If you have enabled manager permissions, click on the Manager Permissions tab and select any permissions you want the manager to have.  Note, these are permissions that managers can do on other users.  Specifically, the Connect Session Action will allow a manager to log in to a running session of a different user.  For security purposes, it is often a good idea to disable this action.  (Note, admins always have full user and manager permissions).

Final Thoughts

Permissions provide new ways to separate your users into different user levels.  Different levels of access allow admins to follow the Principle of Least Privilege, giving different users the minimum level of power needed to complete the task.