12.4. User Roles
Trisul web users fall into three roles
- Forensics Operators
Important The built-in admin user cannot be deleted.
There are four roles that a user can possess.
|Administrator||Can do anything|
|Operators||No admin powers. Can only monitor traffic. Cannot look at flows, resources, or raw packets|
|Forensics Operators||No admin powers. Can monitor traffic, but also inspect in depth what anyone is doing, down to the packet level.|
|Subscriber||No admin powers. Can investigate subscribed IPs or Interfaces|
A role is but a set of allowed and disallowed operations. You can change what a role is allowed to do
adminuser to manage user roles.
For each role
- The red color operations are disallowed
- The green color operations are allowed
- The blue color operations are read only
12.4.2 Inactivity security timeout
Due to the sensitive nature of the data presented by Trisul, there is an inactivity timeout associated with each user. If no user interaction is seen by Webtrisul server for a certain period of time, the user is automatically logged out. They will then have to present their login/password again to re-enter the system.
You can increase inactivity timeout
p(autohint hand-o-right info).
To access, Select Manage → App settings → Web Server → Idle Timeout
If you want to disable it – set it to some huge value (1000000 seconds)
12.4.3 Authentication Audit Log
All login activity is logged by the server
adminuser to view login activity.
The following details are logged by the server
- Login time
- Login IP
- Login Status
- Reason for failure to login (eg, wrong password)
- Logout (with reason)
- Inactivity timeout log