Roles and Permissions
In GFI OneGuard, roles are made up of a set of pre-configured permissions. Active DirectoryA technology that provides a variety of network services, including LDAP-like directory services. users and groups can then be assigned a role, inheriting the role permissions when accessing GFI OneGuard.
To access and configure roles and permissions, login to GFI OneGuard and click 
(Settings). Click Roles and Permissions from the left pane.
Configuring Roles and Permissions
In the Roles area you can view existing roles or create new ones. There is no limit to the number of roles that can be created.
Click on a role to view its configured permissions.
Creating a new role
To create a new role:
- Click New role.
Creating a new role
- In the Name field, key in a friendly name for the new role.
- In the Description field, type the description of the intended use of the new role.
- Select the type of role from the following options:
| Type | Description |
|---|---|
| PlatformThe main component of GFI OneGuard that connects all the services offered by the product and the database that stores all collected information. Role | A set of permissions that enable users to perform specific actions on the platform. This Platform role type can be configured to access and configure: Reporting, System settings and network Activity. |
| Manage group role | A role that allows users to access and configure groups, devices, policies, services and jobs. |
- Select the permissions to allow or deny according to the scope of the role being configured. Note that roles cannot be created with all permissions denied.
- Click Save Settings.
After creating the role, you may now start adding users or groups to the role. For more information refer to Role assignment.
Editing an existing role
To edit an existing role:
- Click
next to the role to modify. - In the Name field, change the role name as required.
- In the Description field, change the role description as required.
- Select the permissions to allow or deny according to the scope of the role being configured.
- Click Save Settings.
Role assignment
Active Directory users or groups can be assigned to roles . Users logging in to GFI OneGuard will be provided access to the features configured to their assigned role.
Each role assignment can have one Platform role but multiple Manage group roles.
Roles can be assigned to Active Directory Groups and Users on the local domain where GFI OneGuard is installed.
Note that roles assigned to individual users have higher priority than group assignments. The order of priority of group assignments is configurable, and users that are part of multiple groups inherit the role assigned to the higher priority group.
By default, the administrative group configured during the post-installation wizard (when GFI OneGuard is loaded the first time) are granted full permissions.
Assigning a role in GFI OneGuard
To assign a role to a user or group:
- Click Assign role.
Configuring role assignments
- In the User/Group field, start typing the name of an Active Directory user or group to assign. Names or groups that are not available in Active Directory are not recognized.
- From the Platform role drop down list, select a platform role. Each user or group can only have one platform role.
- From the Manage group role drop down list, select a role, then select GFI OneGuard groups from the popup window. A user/group can be assigned multiple Manage group roles. Click Add manage group role to add another manage group role for the user/group being configured.
- Click Save Settings.