We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

Role-based Administration Version 7 and Above

  • Last updated on

This article applies to the Barracuda Web Security Gateway running firmware version 7 and higher. For information that applies to version 6.x, see Role-based Administration 6.x.

The administrator of the Barracuda Web Security Gateway might choose to delegate certain administrative tasks such as scheduling and/or running reports, viewing Dashboard and log pages, or creating exceptions to policy.

On the ADVANCED > Delegated Admin page, you can create and manage account roles for existing users. You can use the Limit Access To setting to further restrict access for an account to data associated with local users, local groups and/or IP groups. The roles are enumerated below. To enable users with these roles to log into the Barracuda Web Security Gateway using their LDAP credentials, check the Use LDAP Authentication box on the page. Alternatively, you can assign a username and password to the role when you create it on the ADVANCED > Delegated Admin page.

The Policy Alerts feature enables you to have the Barracuda Web Security Gateway send an email alert to any role you specify, summarizing authenticated users who violate policy. The message will summarize actions (Warn, Block or Monitor) by the top violators of policies configured on the BLOCK/ACCEPT > Content Filter page and on the BLOCK/ACCEPT > Exceptions page. For details on configuration, see  Policy Alerts.

Roles and Permissions

Administrator

The administrator role has all permissions and is the only role that can create policies. The Limit Access To setting does not apply.

Read Only

This is the most restricted role, including access to all tabs in read-only mode and viewing (running, but not scheduling) reports. The Limit Access To setting does not apply. This role does not enable changing any settings.

Manage

The Manage role can view Dashboard and Log pages, view and schedule reports and create exceptions on the BLOCK/ACCEPT > Exceptions page. All other BLOCK/ACCEPT tabs are read-only. The following pages are disabled:

  • USERS/GROUPS
  • ADVANCED
  • BASIC > IP Configuration
  • BASIC > Administration

The Limit Access To setting applies.

Monitor

This role can view Dashboard and Log pages and can view and schedule reports. All BLOCK/ACCEPT pages are read-only. The following pages are disabled:

  •  USERS/GROUPS
  •  ADVANCED
  •  BASIC > IP Configuration
  •  BASIC > Administration

The Limit Access To setting applies.

Support

For users in a helpdesk type of position, the Support role enables viewing Dashboard and Log pages as well as reports, but this role cannot schedule reports. The Support role can create exceptions on the BLOCK/ACCEPT > Exceptions page, but all other BLOCK/ACCEPT tabs are read-only. The following pages are disabled:

  •  USERS/GROUPS
  •  ADVANCED
  •  BASIC > IP Configuration
  •  BASIC > Administration

Use Cases for Various Roles

  • Monitoring and Reporting: Use the Read Only role for the user who will be monitoring status and running (but not scheduling) reports on the Barracuda Web Security Gateway. This role cannot change any settings.
  • Monitoring, Reporting and Creating Exceptions: The Support role is designed for the Helpdesk person in the organization who provides daily reporting and monitoring of set policies for the administrator who has delegated these tasks. Unlike the Read Only role, this role can also create exceptions to policies as directed by the administrator.
  • Users are blocked from websites they need to access: The Manage role can create exceptions to policy for block, warn, monitor or allow actions that have been set for various domains or categories of domains. For example, job search websites may be blocked for most employees, but certain members of the  HR department need to access them. This role can make an Allow exception for a Local Group such as HR Managers (see USERS/GROUPS > New Users and USERS/GROUPS > Local Groups to assign users to groups) to access the Job Search & Career Development sub category of domains .
  • Support for performance or connectivity issues: The Support role can view the DASHBOARD page to check performance statistics and note if there are any red indicators on throughput, system load or report/log storage.

 

Related Articles

 

Last updated on