How to Restrict Access to the Portal?



This table is used to allow or restrict access by LDAP users and groups to the different areas of the Admin Portal. The portal is composed of 3 areas:

  • End User Area - the self-service section in which users can register and manage their devices.
  • General Admin Area - the general administration section in which operators can manage the devices and policies. This also includes the Reports and Support & Maintenance menus.
  • Settings Admin Area - the settings administration section in which the system administrators can configure the SphereShield suite components.


This table defines the access scope permissions. Any scope that is not specifically defined allows any user to access it.

The access levels are: 

  • End User Access - the only users and groups that can view the End User Area.
  • Admin without Settings Access - the only users and groups that can view the General Admin Area; they do not have access to the Settings Admin Area.
  • Admin with Settings Access - the only users and groups that can view the General Admin Area, including access to the Settings Admin Area.
  • Admin Selective Menu Items Access - users and groups that can view only specific menu items from the Access Portal Admin Area.

If a user is defined in more than one group, then the group with the widest scope of access is applied.

These groups are fetched from an LDAP resource as defined in the LDAP settings.





1)   Go to Settings -> Site Security, then click Add.


 


There are four types of access scopes. With the exception of the selective menu scope, any scope that has not been defined for a specific group or user is accessible to all users.

Based on that, in most cases no setting is needed for the End User Area.

However, for Admin without Settings and for Admin with Settings (full admin), a group is needed.


2)   Once the Add window is open, select the scope you wish to define.



3)   Verify that the Domain is correct.

4)   Choose the access type: Groups or Users.

5)   Start typing the name of the group. If the LDAP settings are correct, then typing at least the first two letters of a group name should pull the group name from the AD.


Note that the same group can be defined for both Admin with Settings and Admin without Settings to prevent end users from entering restricted sections.

If the same group is defined for multiple scopes, then the higher-privilege setting wins.

E.g., setting Admin with Settings and Admin without Settings to the group Domain admins means that the Domain admins group will have access to the full Access Portal site.
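
The note about defining the same group for both admin scopes follows from the rule that an undefined scope is open to everyone. The sketch below is an added example, not SphereShield code: it models the table as this page describes it (the scope names, their narrow-to-wide order, case-insensitive name matching and the sample entries are assumptions) and shows which scopes stay open to every user when only Admin with Settings is restricted.

```python
# Added illustration: models the rules as this page words them; not SphereShield code.
# Scope names and their narrow-to-wide order are assumptions drawn from the page.
ORDER = ["End User", "Admin without Settings", "Admin with Settings"]
SELECTIVE = "Admin Selective Menu Items"  # the exception: never open by default

# Constructed sample tables (group name taken from the page's own example).
RULES_PARTIAL = [
    {"scope": "Admin with Settings", "type": "Groups", "name": "Domain admins"},
]
RULES_LOCKED = RULES_PARTIAL + [
    {"scope": "Admin without Settings", "type": "Groups", "name": "Domain admins"},
]


def open_scopes(rules):
    """Scopes with no entry at all, which the page says any user may access."""
    defined = {r["scope"] for r in rules}
    return [s for s in ORDER if s not in defined]


def allowed(rules, scope, user, groups):
    """True if the user may enter the scope under the table's rules."""
    entries = [r for r in rules if r["scope"] == scope]
    if not entries:
        return scope != SELECTIVE  # undefined scope is open, except selective menu
    names = {g.lower() for g in groups}  # case-insensitive match is an assumption
    for r in entries:
        if r["type"] == "Users" and r["name"].lower() == user.lower():
            return True
        if r["type"] == "Groups" and r["name"].lower() in names:
            return True
    return False


def effective_scope(rules, user, groups):
    """Widest scope the user can reach (the higher privilege wins), or None."""
    reachable = [s for s in ORDER if allowed(rules, s, user, groups)]
    return reachable[-1] if reachable else None


if __name__ == "__main__":
    for label, rules in (("partial", RULES_PARTIAL), ("locked", RULES_LOCKED)):
        print(label, "open to everyone:", open_scopes(rules))
        print("  alice ->", effective_scope(rules, "alice", ["Domain Users"]))
        print("  bob   ->", effective_scope(rules, "bob", ["Domain admins"]))
```

With only Admin with Settings defined, the ordinary user still reaches the General Admin Area; defining both admin scopes closes that gap.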