Skip to content

HySecure Roles

An Administrator must register all those users who need to access applications securely over the network. HySecure supports multiple user roles and permissions. The security privilege of users depends on the role they perform. The different user roles are:

  • Administrator (Admin): The administrator can create, delete, and modify other Administrators, High Security, and Low-Security Users. They can also administer Applications, User Groups, and Application Groups and manage the Access Control Lists (ACLs) for User Groups. Admin users cannot create, modify, or delete Security Officers.

  • Security Officer (SO): The most privileged of all HySecure users. A Security Officer can create, delete, and modify other SOs, Administrators, High Security, and Low Security Users. An SO can also manage the Access Control Lists (ACL) for User Groups, as well as manage applications. Only a Security Officer can change the server state, database password, and basic authentication method and enable/disable SSH.

    • High-Security Users: High-Security Users are Power Users who are authenticated with the stronger Certificate-based authentication mechanism. By default, Security Officers and Administrators are Power Users.

    • Low-Security Users: Low-Security Users can be Native, LDAP/ ADS, SAML, or RADIUS users who are authenticated with the weaker basic authentication mechanism. If you wish to have users log in with their Active Directory credentials, then you do not have to create their account on the HySecure server. See Configuring Authentication Servers for more information.

    • Machine Class Users: Machine Class Users are created only in the context of configuring a chained VPN.

Note: Security Officers, Administrators, and High-Security Users can also log on to the server with basic authentication, but they will not have the Power User privileges when they log on with Login ID and Password.

You can integrate HySecure with LDAP, ADS, SAML, or RADIUS authentication servers. This allows the users registered with these servers to log on to VPN with their LDAP, ADS, SAML, or RADIUS user accounts. There is no need to create user accounts in the HySecure server (Native Database) for these users. However, the LDAP, ADS, SAML, or RADIUS users have only Low Security User privileges. For High-Security User privileges, you must create an account for the user in the HySecure database.