Reference Guide
...
User Management
User Group Creation

User Group Properties

1min

The following parameters can be defined for User Groups.

Parameter

Definition

adminGroup

If set as true, all users belonging to the user group have admin rights.

allowConsoleAccess

If set as true, console access to AAA and TACACS+ devices is enabled for the user group.

allowDirectAccess

If set as true, direct access to AAA and TACACS+ devices through Kron PAM is enabled for the user group.

allowSftpInSshDevices

If set as true, both SFTP and SSH access are available in devices that have SSH access protocol for the user group. The default value is false.

approvalRequiredForConnection

If set as true, managerial approval applies for SSH/RDP/SFTP connections for all users belonging to that user group. The Group Manager needs to approve for other users to establish SSH/RDP/SFTP connections.

autonomousGroup

If set as true, this group’s users may be excluded in RADIUS logs in order to avoid creating a log flood. These users’ passwords never expire.

externalDirectorySources

This value is pulled from the

sc.integration.ldap.source.name_n parameter defined in the System Config Man. It specifies which LDAP source the user group belongs to.

passwordTtlMonths

Defines the maximum time allowed for the use of passwords for users in the configured user group. When the users' passwords reach their TTL, they are forced to change it the next time they log in.

sc.command.log.disabled

Enable/Disable viewing command logs for users who are able to view session logs. The default value is false. If set as true, the users in the related user group are unable to view command logs.

sc.keylog.log.disabled

Enable/Disable viewing of key logs generated during RDP sessions. The default value is false. If set as true, the users in the related user group are unable to view key logs.

sc.ocr.log.disabled

Enable/Disable viewing OCR logs generated during RDP sessions. The default value is false. If set as true, the users in the related user group are unable to view OCR logs.

sc.session.video.record.disabled

Enable/Disable viewing session video records for users who are able to see session logs. The default value is false. If the parameter is set as true, the users in the related user group are unable to view session video records.