Typical Role Scenarios and Required Privileges

Tab-Level Access Control Matrix

This section provides a comprehensive overview of the privileges and/or capabilities required to access and perform actions within each part of the Fudo Enterprise user interface.


Each table corresponds to a top-level tab in the system. Depending on the complexity of the tab, the table may include:

  • Subsection: A nested component or feature within the tab (e.g., “General > Date Time” under the System tab).

  • Action: The specific operation (e.g., visible, create, configure) that can be controlled via access rights.

  • Privileges: The required privilege(s) for a user to perform the action.

  • Capabilities: If applicable, additional capability requirements are listed. If none are required, this column displays None.

Access control in the system is enforced based on a user’s assigned roles, which in turn grant privileges and capabilities as needed.

Note

  • Assigned capabilities for specific objects may cause certain tabs to appear in the UI, even if the user does not have the required privileges to perform any actions within those tabs.

  • Some advanced tabs, such as Safes, require more than their own privileges (e.g., safe-read, safe-create). To fully create or manage a Safe, a user must also have privileges to view and select related resources—such as accounts, servers, pools, or groups—that are part of the Safe configuration.

Privilege/Capability Matrix: Dashboard Tab

Action

Privileges

Capabilities

visible

dashboard

None
Privilege/Capability Matrix: Sessions Tab

Action

Privileges

Capabilities

visible

session-read

None

backup

session-backup

None

delete

session-delete

None

download

session-file-download, session-movie-download

None

encode

session-encode

None

retention

session-modify

None
Privilege/Capability Matrix: Requests Tab

Action

Privileges

Capabilities

visible

access-request-read

None
Privilege/Capability Matrix: Roles Tab

Action

Privileges

Capabilities

visible

role-read

None

create

role-create

None

modify

role-modify

None

delete

role-delete

None
Privilege/Capability Matrix: Users Tab

Action

Privileges

Capabilities

visible

user-create, user-read

user

create

user-create

None
Privilege/Capability Matrix: Groups Tab

Action

Privileges

Capabilities

visible

group-create, group-read

group

create

group-create

None
Privilege/Capability Matrix: Servers Tab

Action

Privileges

Capabilities

visible

server-create, server-read

server

create

server-create

None
Privilege/Capability Matrix: Pools Tab

Action

Privileges

Capabilities

visible

pool-create, pool-read

pool

create

pool-create

None
Privilege/Capability Matrix: Accounts Tab

Action

Privileges

Capabilities

visible

account-create, account-read

account

create

account-create

None
Privilege/Capability Matrix: Listeners Tab

Action

Privileges

Capabilities

visible

listener-create, listener-read

None

create

listener-create

None

modify

listener-modify

None

delete

listener-delete

None
Privilege/Capability Matrix: Safes Tab

Subsection

Action

Privileges

Capabilities

Safes

visible

safe-create, safe-read

safe

create

safe-create

None

Notifications

visible

notification-filter-read, notification-filter-create

None

create

notification-filter-create

None

delete

notification-filter-delete

None
Privilege/Capability Matrix: Discovery Tab

Subsection

Action

Privileges

Capabilities

Scanners

visible

scanner-read

None

create

scanner-create

None

modify

scanner-modify

None

delete

scanner-delete

None

start

scanner-start

None

Rules

visible

discovery-rule-read

None

create

discovery-rule-create

None

modify

discovery-rule-modify

None

delete

discovery-rule-delete

None
Privilege/Capability Matrix: Password Changers Tab

Subsection

Action

Privileges

Capabilities

Password Changer

visible

password-changer-read

None

create

password-changer-create

None

modify

password-changer-modify

None

delete

password-changer-delete

None

Password Policy

visible

password-change-policy-read

None

create

password-change-policy-create

None

modify

password-change-policy-modify

None

delete

password-change-policy-delete

None
Privilege/Capability Matrix: Remote Applications Tab

Action

Privileges

Capabilities

visible

remoteapp-read

None

create

remoteapp-create

None

modify

remoteapp-modify

None

delete

remoteapp-delete

None
Privilege/Capability Matrix: Policies Tab

Subsection

Action

Privileges

Capabilities

Policy

visible

policy-read

None

create

policy-create

None

modify

policy-modify

None

delete

policy-delete

None

Regexp

visible

regexp-read

None

create

regexp-create

None

modify

regexp-modify

None

delete

regexp-delete

None
Privilege/Capability Matrix: Downloads Tab

Subsection

Action

Privileges

Capabilities

Files

visible

session-file-read

None

download

session-file-download

None

delete

session-file-delete

None

Movies

visible

session-movie-read

None

download

session-movie-download

None

delete

session-movie-delete

None
Privilege/Capability Matrix: Reports Tab

Action

Privileges

Capabilities

visible

report-read

None

create

report-create

None

modify

report-modify

None

delete

report-delete

None
Privilege/Capability Matrix: Productivity Tab

Action

Privileges

Capabilities

visible

productivity-read

None
Privilege/Capability Matrix: System Tab

Subsection

Action

Privileges

Capabilities

General > Date Time

visible

datetime-read

None

configure

datetime-modify

None

General > NTP

visible

ntp-read

None

configure

ntp-modify

None

General > Certificates

visible

certificate-read

None

General > Certificates > Fudo Admin Panel

visible

certificate-read

None

configure

certificate-mgmt

None

General > Certificates > User Access Gateway

visible

certificate-read

None

configure

certificate-uag

None

General > Certificates > User CA

visible

certificate-read

None

configure

certificate-client

None

General > Maintenance Supervision > Deny New Connections

visible

maintenance-read

None

configure

deny-new-connections

None

General > Maintenance Supervision > Tech Support Access

visible

maintenance-read

None

configure

tech-support-access

None

General > Maintenance Supervision > Healthcheck Api

visible

maintenance-read

None

configure

healthcheck-api

None

General > Maintenance Supervision > Callhome

visible

maintenance-read

None

configure

callhome

None

General > Masterkey

visible

masterkey-read

None

export

masterkey-export

None

invalidate

masterkey-invalidate

None

General > Snmp

visible

snmp-read

None

configure

snmp-modify

None

General > Timestamping

visible

timestamp-read

None

configure

timestamp-modify

None

General > Changers

visible

password-changer-node-read

None

configure

password-changer-node-modify

None

General > Discovery

visible

discovery-node-read

None

configure

discovery-node-modify

None

General > Sensitive Features

visible

sensitive-feature-read

None

configure

sensitive-feature-modify

None

General > HTTP Proxy

visible

http-proxy-read

None

configure

http-proxy-modify

None

Upgrade

visible

upgrade-read

None

upload

upgrade-upload

None

check

upgrade-check

None

install

upgrade-install

None

delete

upgrade-delete

None

snapshot-delete

upgrade-snapshot-delete

None

Hotfix

visible

hotfix-read

None

upload

hotfix-upload

None

install

hotfix-install

None

delete

hotfix-delete

None

License

visible

license-read

None

configure

license-upload

None

Diagnostic

visible

diagnostic

None

Configuration > Export

visible

configuration-export

None

Configuration > Import

visible

configuration-import

None

Configuration > Service Data

visible

service-data

None
Privilege/Capability Matrix: Network Tab

Subsection

Action

Privileges

Capabilities

Interfaces

visible

network-read

None

configure

network-modify

None

DNS

visible

network-read

None

configure

network-modify

None

Routing

visible

network-read

None

configure

network-modify

None

ARP

visible

network-read

None

configure

network-modify

None

Labels

visible

label-read

None

configure

label-modify

None
Privilege/Capability Matrix: External Storage Tab

Action

Privileges

Capabilities

visible

external-storage-read

None

configure

external-storage-modify

None
Privilege/Capability Matrix: Notifications Tab

Action

Privileges

Capabilities

visible

smtp-read

None

configure

smtp-modify

None
Privilege/Capability Matrix: Artificial Intelligence Tab

Action

Privileges

Capabilities

visible

ai-read

None

configure

ai-modify

None
Privilege/Capability Matrix: Authentication Tab

Subsection

Action

Privileges

Capabilities

External

visible

extauth-read

None

create

extauth-create

None

modify

extauth-modify

None

delete

extauth-delete

None

Openid Connect

visible

oidc-read

None

create

oidc-create

None

modify

oidc-modify

None

delete

oidc-delete

None

Global

visible

authentication-read

None

configure

authentication-modify

None
Privilege/Capability Matrix: External Password Repositories Tab

Action

Privileges

Capabilities

visible

passvn-read

None

create

passvn-create

None

modify

passvn-modify

None

delete

passvn-delete

None
Privilege/Capability Matrix: Resources Tab

Subsection

Action

Privileges

Capabilities

Protocols

visible

logo-read

None

configure

logo-modify

None

User Portal

visible

logo-read

None

configure

logo-modify

None
Privilege/Capability Matrix: Backup And Retention Tab

Subsection

Action

Privileges

Capabilities

Backup

visible

backup-read

None

create

backup-create

None

modify

backup-modify

None

delete

backup-delete

None

Retention

visible

retention-read

None

configure

retention-modify

None
Privilege/Capability Matrix: Cluster Tab

Subsection

Action

Privileges

Capabilities

Nodes

visible

cluster-read

None

create

cluster-modify

None

modify

cluster-modify

None

delete

cluster-modify

None

cluster_create

cluster-modify

None

cluster_join

cluster-modify

None

Redundancy Groups

visible

cluster-read

None

create

cluster-modify

None

modify

cluster-modify

None

delete

cluster-modify

None

failover

cluster-failover

None
Privilege/Capability Matrix: User Directory Tab

Action

Privileges

Capabilities

visible

user-directory-read

None

create

user-directory-create

None

modify

user-directory-modify

None

delete

user-directory-delete

None
Privilege/Capability Matrix: Events Log Tab

Action

Privileges

Capabilities

visible

log-read

None
Privilege/Capability Matrix: ShareAccess Tab

Action

Privileges

Capabilities

visible

fudo-network

None

Dashboard Widgets Visibility

The visibility of individual widgets on the Dashboard depends on the following privileges:

Privileges Required to View All Dashboard Widgets

Privilege

Description

Corresponding Widget

dashboard

Allows accessing the Dashboard tab

Dashboard tab visibility

account-read

Allows viewing the list of accounts and account details

Account Alerts

user-read

Allows viewing the users list and user details

Active Users

session-read

Allows viewing the list of sessions and session details

Suspicious Sessions, New Sessions, Concurrent Sessions

configuration-read

Allows previewing the Configuration tab

License

log-read

Allows viewing the events log

Logs

cluster-read

Allows viewing cluster configuration

Node

If the user has a capability to any user or account and the dashboard global privilege assigned, they will also see the Active Users and Account Alerts widgets, respectively.

Note

When the user’s role changes, some widgets may move to the Dashlet’s Market. To make them visible again, check the market and add the widgets back to the Dashboard if needed.

Sessions Tab Permissions

To view and interact with the Sessions tab, the user must have the following privileges:

  • session-view

  • session-read

In addition, to see a specific session on the list, the user must have read access to all objects associated with the session:

  • The user involved in the session,

  • The corresponding server,

  • The account used,

  • The related safe (if applicable).

Playback and Preview

To view or play back a session, the following privileges are required:

  • user-session-view

  • session-view

  • session-read

  • Read access to all associated objects (user, server, account, safe)

Session Backup

The session-backup privilege allows sending a session to backup. This action does not modify the session, which is why it is handled with a dedicated privilege.

Session Management

The session-modify privilege grants access to advanced session management operations. Users with this privilege can perform the following actions for sessions they have access to:

  • Restore a session from backup,

  • Download files transferred via SCP or SFTP,

  • Approve or reject a session if the require approval option is enabled in the safe,

  • Send the session to other nodes,

  • Revoke session sharing,

  • Modify editable session attributes,

  • Modify session timestamps.

Downloads Tab Permissions

Access to the Downloads tab, which allows users to retrieve session-related files (such as session recordings and transferred files), is governed by the following privileges:

  • session-*

  • session-file-*

  • session-movie-*

However, privileges from the following groups alone do not grant access to all sessions globally. In order to view and download files from a specific session, the user must also have access rights to all objects associated with that session, including:

  • the user who initiated the session,

  • the target server,

  • the account used, and

  • the safe in which these objects are stored.

These object-level access rights can be granted either through dedicated global privileges or via appropriate capability assignments.

Safes Management

Note

To manage accounts in safes, the user must have at least the listener-read privilege from the Listener privileges list, regardless of their existing permissions for the accounts themselves.

To create a safe, the following minimum privileges are required:

  • safe-read

  • safe-create

  • safe-user-add

  • user-read

  • account-read

  • listener-read

Additionally, the following privileges are required for specific actions:

  • To assign groups to the safe:

    • group-read

  • To manage notifications:

    • notification-filter-read

    • notification-filter-create

    • notification-filter-delete

  • To assign policies:

    • policy-read

Discovery Tab Permissions

To fully manage the Discovery tab it is required to have all below tab related privileges:

  • scanner-read

  • scanner-create

  • scanner-modify

  • scanner-delete

  • scanner-start

  • discovery-rule-read

  • discovery-rule-create

  • discovery-rule-modify

  • discovery-rule-delete

  • listener-read

  • server-read

  • account-read

  • password-changer-read

  • password-change-policy-read

Note

Please note that to view the list of Discovery rules in the Discovery tab, the listener-read privilege is also required.

To access the Discovery node settings (System > General > Discovery), the user needs the following privileges:

  • discovery-node-read

  • discovery-node-modify

  • cluster-read

Access Request Permissions

To vote on an Access Request, a user must meet the following conditions:

  • Have the access-request-read privilege – grants access to the Requests tab.

  • Have the access-request-vote privilege – grants the ability to vote on requests.

  • Have read permissions for the following objects related to the request: - User – the requesting user. - Safe – the safe containing the requested account. - Account – the account the request concerns.

Proper configuration of object-level permissions and capabilities is required to participate in the approval workflow.

Fudo Officer

To pair or unpair the Fudo Officer mobile app with an account, the user needs access to the Admin Panel and the modify capability for their own account.


For the Fudo Officer app to function fully, the following permissions are required for the user:

  • user-read

  • server-read

  • listener-read

  • safe-read

  • account-read

  • access-request-vote

  • access-request-read

Reports Tab Permissions

Note

Only users with the report-read and system-report-read permissions are allowed to access system reports, which are automatically triggered by the system. Such reports contain all data from the system, including all objects.

report-create

  • Ensures that a report will be generated and will appear under Reports → Reports.

  • Allows generating reports from the Sessions tab.

report-read

  • Required to view any report.

  • Users cannot view reports generated by other users.

  • Allows viewing reports according to existing subscriptions, historical reports, and those generated from the Sessions tab.

report-modify

  • Allows managing report subscriptions from the Reports → Settings tab.

  • An admin can add a subscription for any type of report.

  • Generated data is limited to objects and data to which the user has permissions.

Note

Data in the generated report is limited to objects and other information to which the user has access.

report-delete

  • Users can only delete their own reports.

system-report-read

  • Grants access to system-level report content, regardless of assigned capabilities or privileges.

  • Must be combined with report-read to make system reports and the Reports tab visible.

  • This permission is intended to be assigned exclusively to users with the superadmin role.

Related topics: