Skip to content

Roles

HySecure Roles

A user needs to log in to HySecure to either access the applications securely over the network OR to manage the HySecure Gateway through the Management Console.

Organizations integrate HySecure with AD/LDAP/SAML - third-party authentication methods for user authentication. However, there are situations where organizations do not have third-party authentication methods or do not wish to use them for internal reasons. In such cases, HySecure supports creating users in its local database.

An Administrator must register all the users who need to access applications securely over the network. HySecure supports multiple user roles and permissions. The security privilege of these users depends on the role they perform. Various user roles in HySecure are as follows:

  1. Low Security User: Low Security Users log in with basic authentication using the username and password. Low-Security Users can be Native, LDAP/ ADS, or RADIUS users who are authenticated with the weaker basic authentication mechanism. If you wish to have users log in with their Active Directory credentials then you do not have to create their account on the HySecure server. See Configuring Authentication Servers for more information.

  2. High Security User: High Security Users use certificate-based authentication to log in. Security Officers, Administrators, and Monitoring Users are High Security Users by default.

  3. Administrator (Admin): The Administrator can manage other Administrators, High and Low Security users, Applications, and Access Control Lists (ACLs) for various users and application groups. However, they cannot Add, Modify, or Delete a Security Officer. They do not have the right to apply for licenses, updates, or upload certificates.

  4. Security Officer (SO): The Security Officer (SO) has the highest level of access in HySecure. The SO can Create, Modify, and Delete users, including other Security Officers, Administrators, and High/Low Security Users. An SO can manage ACLs for User Groups and applications. Only an SO has the right to change the Server State, Database Password, and Basic Authentication Method, and Enable or Disable SSH.

  5. Monitoring User: This role enables users to manage registered devices and monitor the Dashboard. They can also monitor and export Active users, Registered users, Turbo active users, and Remote meeting users. In addition, they can download reports, logs, and archived logs.

  6. L1 Support User: The L1-level Support user has the right to:

    1. Monitor the dashboard.
    2. Monitor and export active users, turbo active users, and remote meeting users.
    3. Monitor and export registered users.
    4. Monitor, export, and manage registered devices.
    5. Monitor and download reports and logs.
    6. Download archived logs.
    7. Modify host scan policies.
    • Security Officer (SO): These are the most privileged of all HySecure users. A Security Officer can create, delete, and modify other SOs, Administrators, and Low-Security Users. It can also manage the Access Control Lists (ACL) for User Groups, as well as manage applications. Only a Security Officer can change the server state, database password, and basic authentication method and also enable/disable SSH.
    • Administrator (Admin): The administrator can create, delete, and modify other Administrators and Low-Security Users. They can also administer Applications, User Groups, and Application Groups, and manage the Access Control Lists (ACLs) for User Groups. Admin users cannot create, modify, or delete Security Officers.

  8. Low-Security Users: Low-Security Users can be Native, LDAP/ ADS, or RADIUS users who are authenticated with the weaker basic authentication mechanism. If you wish to have users log in with their Active Directory credentials then you do not have to create their account on the HySecure server. See Configuring Authentication Servers for more information.

  9. Machine Class Users: The Machine Class Users are created only in the context of configuring a chained remote access.

Note

Security Officers, Administrators, and High Security Users can also log on to the server with basic authentication but they will not have the Power User privileges when they log on with Login ID and Password.

You can integrate HySecure with LDAP, ADS, RADIUS, or SAML authentication servers. This allows the users registered with these servers to log on to VPN with their LDAP, ADS, or RADIUS user accounts. There is no need to create user accounts in the HySecure server (Native Database) for these users. However, the LDAP, ADS, RADIUS, or SAML users only have Low Security User privileges.

Note

For High-Security User privileges, you must create an account for the user in the HySecure database.