There are security levels 1, 2, 3, 4, 5, 6, 7, 8. These are not levels
as such, i.e. 8 is not better than 1 - they are just 8 different
settings.
Each of the settings in the FireBrick has a level defined. It is in the
setup for each filter, mapping, route, etc.
Each user has 8 check boxes, one for each level, defining the view
settings. When logged in as a user, you can only view settings on the
levels which you have ticked. If you have all 8 levels ticked you can
view anything.
Each user also has 8 check boxes, one for each level, defining the edit
settings. If you can view a setting, you can access the setting page
for it, but you can only save changes to that setting if it is on a
security level where you have edit selected. If you have all 8 levels
ticked then you can change anything.
There are also security settings for the top level menus. These also
define the default setting applied when you erase something. They also
define whether you can see the icon and list of items. E.g. if filters
are set for level 1, then you can only see the filters icon if you have
level 1 view rights ticked.
Changing security levels
You can change the security level of anything which you have edit
rights to. If you change it to a level for which you do not have edit
rights then you will not be able to change it back. If you change it to
a level for which you do not have view rights, then you will not even
be able to see it.
Changing your view/edit rights
You can edit any user's view and edit rights if you have edit rights for
the security level of that user, i.e. users have a security level just
like any other setting. However, you cannot give or take away any
rights for any user which you do not yourself have. You do not see the
check boxes for those levels when you edit that user. This applies to
your own settings too. So, if you remove your own rights you cannot
give them back to yourself!
Nobody user
The nobody user is a special user - it defines the rights that apply
when not logged in. These can be as comprehensive as any other user.
You can make a brick allow complete view and edit of all 8 levels even
without logging in, if you want to, though this is not recommended.
Initially the nobody user can view and edit level 1, which allows it to
set a password for the admin user. You can then log in as the admin
user which gives full view and edit rights for all 8 levels. It is
recommended that you always have at least one user with all rights. If
not, you can never get those rights back as there is no login that will
be able to tick them in the user settings.
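The rules for changing rights and the advice to keep one user with all
rights can be checked with a small model. This is an added example, not
FireBrick code: the User record, the function names and the sample users
are assumptions, as is the reading that only the check boxes for levels
the editing user holds can change state.

```python
from dataclasses import dataclass

LEVELS = frozenset(range(1, 9))  # the 8 security levels; none outranks another

@dataclass
class User:
    name: str
    level: int        # security level of the user record itself
    view: frozenset   # levels ticked under "view"
    edit: frozenset   # levels ticked under "edit"

def change_rights(actor, target, want_view, want_edit):
    """Return (view, edit) for target after actor submits the requested ticks.

    Assumed model: the actor needs edit rights on the target record's level,
    and only check boxes for levels the actor holds are shown, so every other
    tick keeps its current state.
    """
    if target.level not in actor.edit:
        raise PermissionError(f"{actor.name} cannot edit user {target.name}")
    view = (target.view - actor.view) | (frozenset(want_view) & actor.view)
    edit = (target.edit - actor.edit) | (frozenset(want_edit) & actor.edit)
    return view, edit

def lost_rights(users):
    """Levels that no login holds at all; nobody can ever tick these again."""
    held_view = frozenset().union(*(u.view for u in users))
    held_edit = frozenset().union(*(u.edit for u in users))
    return {"view": sorted(LEVELS - held_view), "edit": sorted(LEVELS - held_edit)}

def full_rights_users(users):
    """Names of users holding view and edit on all 8 levels."""
    return [u.name for u in users if u.view == LEVELS and u.edit == LEVELS]

# Constructed sample users: nobody as initially set up, an admin, an operator.
nobody = User("nobody", 1, frozenset({1}), frozenset({1}))
admin = User("admin", 1, LEVELS, LEVELS)
oper = User("oper", 2, frozenset({1, 2, 3}), frozenset({2, 3}))

if __name__ == "__main__":
    # oper tries to tick everything for itself: only levels it holds can move.
    print(change_rights(oper, oper, LEVELS, LEVELS))
    # admin unticks its own edit right on level 8: no login can restore it.
    v, e = change_rights(admin, admin, LEVELS, LEVELS - {8})
    after = [nobody, User("admin", 1, v, e), oper]
    print(lost_rights(after), full_rights_users(after))
```

Running lost_rights over the user list before saving a rights change
shows whether the change would leave a level that no login can recover.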
Special settings
There are settings for upgrade and config in the setup menu under
security. These specifically relate to loading new software, and
to loading or saving the config. This means you could make a user that,
for example, can save the config or load new software and nothing else.
This may be useful for some remote script that regularly archives the
config, and updates bricks with new releases.
Settings for top level (icons)
For each top level setting there is a security level under
settings/security. This controls if the top level icon (e.g. filters)
is visible.
However, it is possible for a user to have view or edit rights to an
individual setting and not have the top level ability to list the
settings. This can be useful, for example, for manually controlled
profiles. If a user has rights to change one, then it will appear in
the main login page as a check box, but not offer the profiles icon
itself to allow listing of profiles. You can even time-control when
this is visible.