FastX Permissions

Admins can to fine tune permissions for users and groups groups. Permissions automatically disable or hide extra actions further removing abilities from the end user.  This gives the admin extra control in creating a product that fits the needs of the company.

Permission Levels

The permission levels are as follows

  • Logged Out — A logged out user has not logged in yet.  There is little the user can do aside from log in.
  • Disabled — A user who has been explicitly disabled.
  • Limited User — A limited user can perform a subset of user level actions as defined by the administrator.  Actions include starting and interacting with sessions, creating bookmarks, viewing the users own user profile etc.
  • Full User — A full user can perform ALL the user level actions available to him.
  • Manager — A manager can perform a limited subset of manager actions.  Manager actions include interacting with sessions that the manager does not own, viewing server information, viewing user info etc.  
  • Admin — Admins have full user permissions as well as full manager permissions.  Admins also have special access to the System section of the FastX Web Server which allows them to configure FastX.
  • Superadmin — A superadmin is the user who owns the FastX web server process.  This user always has admin permissions whether he is in the admin group or not.  In a standard setup, the superadmin is a user named fastx.  This user does not have a login shell by default.

Enabling Permissions

Permissions are defined by the username or group.  By default, special permissions (ie, manager and limited user) are turned off.  

Enable permissions in Admin > Users > Permissions

Manually Setting Permissions

Permissions can be set by hand. Edit the $FX_CONFIG_DIR/permissions.ini file

Limited User Permissions

Once you have defined your user groups, the next step is to restrict permissions for any user who is not an admin or who is not in a Full User Group.  Click on the Limited User Permissions tab and uncheck any permission you want to disallow.  Then Save.  

Manager Permissions

If you have enabled manager permissions, click on the Manager Permissions tab and select any permissions you want the manager to have.  Note, these are permissions that managers can do on other users.  Specifically, the Connect Session Action will allow a manager to log in to a running session of a different user.  For security purposes, it is often a good idea to disable this action.  (Note, admins always have full user and manager permissions).