User Group Properties
The following parameters can be defined for User Groups.
Parameter | Definition |
---|---|
adminGroup | If set as true, all users belonging to the user group have admin rights. |
allowConsoleAccess | If set as true, console access to AAA and TACACS+ devices is enabled for the user group. |
allowDirectAccess | If set as true, direct access to AAA and TACACS+ devices through Kron PAM is enabled for the user group. |
allowSftpInSshDevices | If set as true, both SFTP and SSH access are available in devices that have SSH access protocol for the user group. The default value is false. |
approvalRequiredForConnection | If set as true, managerial approval applies for SSH/RDP/SFTP connections for all users belonging to that user group. The Group Manager needs to approve for other users to establish SSH/RDP/SFTP connections. |
autonomousGroup | If set as true, this group’s users may be excluded in RADIUS logs in order to avoid creating a log flood. These users’ passwords never expire. |
externalDirectorySources | This value is pulled from the sc.integration.ldap.source.name_n parameter defined in the System Config Man. It specifies which LDAP source the user group belongs to. |
passwordTtlMonths | Defines the maximum time allowed for the use of passwords for users in the configured user group. When the users' passwords reach their TTL, they are forced to change it the next time they log in. |
sc.command.log.disabled | Enable/Disable viewing command logs for users who are able to view session logs. The default value is false. If set as true, the users in the related user group are unable to view command logs. |
sc.keylog.log.disabled | Enable/Disable viewing of key logs generated during RDP sessions. The default value is false. If set as true, the users in the related user group are unable to view key logs. |
sc.ocr.log.disabled | Enable/Disable viewing OCR logs generated during RDP sessions. The default value is false. If set as true, the users in the related user group are unable to view OCR logs. |
sc.session.video.record.disabled | Enable/Disable viewing session video records for users who are able to see session logs. The default value is false. If the parameter is set as true, the users in the related user group are unable to view session video records. |