The following article provides details on different authorization levels in IGEL OS, which you can configure to protect your endpoint devices against unwanted changes. You will learn the difference between the access for administrator and setup administrator, for user and setup user.

For a general overview on securing your devices, see Securing IGEL OS Endpoints


Menu path: Security > Password

You can assign four different authorization levels:

Administrator: The administrator has full access to the IGEL Setup.

The assignment of the administrator password is a prerequisite for all other rights assignments. Even if the administrator wants to leave the administration of the IGEL Setup to the setup administrator, the administrator password must be set.

An administrator password protects the following critical actions/areas from unauthorized access:


Setup Administrator
: A user to whom rights are assigned for minor administrative tasks. You specify which pages the setup administrator can edit under Accessories > Setup > Setup Administrator Permissions.

Setup User: A user who can make some unlocked user settings in the IGEL Setup. You specify which pages the setup user can edit under Accessories > Setup > Setup User Permissions.

User: This user has no access to the IGEL Setup. A user password is required in the following cases:


If you have defined passwords for different authorization levels, a login window appears at the start of the IGEL Setup in which you can select an authorization level:

When entering a password, ensure that the correct keyboard layout is enabled.

Administrator

Use password

☑ A password is needed to log in as administrator (root). 

  • A password is also needed for the user, the setup user, and the setup administrator.
  • The password is set by clicking Change Password.

☐ No password is needed to log in as an administrator. Also, no password is needed for the user (user), the setup user, and the setup administrator.*

Change Password

Sets a new password for the administrator (root).

Effects on local terminal access

Setting an administrator password has the following effects on the access to local terminals:

  • For logging in as root, the administrator password must be entered.
  • Logging in as user is no longer possible.

However, you can allow access for user by making the following settings:

  • Enable the registry key system.security.usershell (Default: Disabled).
  • Set a user password.

For logging in as user, the user password will have to be entered. (See the "User" section of this page).

Setup Administrator

Setup Administrator Access

This option is relevant if an administrator password is set.

☑ The setup administrator can access the areas of the IGEL Setup for which he has authorization. Further information can be found under Setup Administrator Permissions - Define Access to IGEL Setup Areas.

  • A password is needed to log in as setup administrator.
  • The password is set by clicking Change Password.

☐ The setup administrator cannot access the IGEL Setup.*

Change Password

Sets a new password for the setup administrator.

Setup User

Setup User Access

This option is relevant if an administrator password is set.

☑ The setup user can access the areas of the IGEL Setup for which he has authorization. Further information can be found under Setup User Permissions - Define Access to IGEL Setup Areas.

  • A password is needed to log in as a setup user.
  • The password is set by clicking Change Password.

☐ The user cannot access the IGEL Setup.*

Change Password

Sets a new password for the setup user.

User

Use Password

This option is relevant if an administrator password is set.

☑ The user (user) needs a password in order to log in to the device via the local terminal. The password is set by clicking Change Password.

☐ If an administrator password is set, the user (user) cannot log in to the device via the local terminal. If no administrator password is set, the user (user) can log in to the device via the local terminal without a password.*

Change Password

Sets a new password for the user (user).

User Account for Remote Access

Enable Login

☑ The remote user (ruser) can log in to the device via SSH. Further information can be found under SSH Access.*

☐ Logging in via SSH is not possible.

Use Password

☑ A password is needed to log in via SSH.

☐ No password is needed to log in via SSH.*

Change Password

Sets a new password for the remote user (ruser).



*IGEL OS system default