
Role

A role carries a defined set of privileges. For example, a role can be granted access to specified network resources or exclusive use of some bandwidth. In StoneOS, users and privileges are not associated directly; they are associated through roles.

The mappings between roles and users are defined by role mapping rules. In function configurations, different roles are assigned different services, so the users mapped to a role receive the corresponding services.

The system supports role combination, i.e., the AND, NOT or OR operation on roles. If a role is used by different modules, the user is mapped to the result role generated by the specified operation.

The system supports the following role-based functions:

  • Role-based policy rules: Implements access control for users of different types.
  • Role-based QoS: Implements QoS for users of different types.

  • Role-based statistics: Collects statistics on bandwidth, sessions and new sessions for users of different types.

  • Role-based session limits: Implements session limits for specific users.

  • SCVPN role-based host security detection: Implements control over access to specific resources for users of different types.

  • Role-based PBR: Implements routing for users of different types.

Configuring a Role

Creating a Role

To create a role, take the following steps:

  1. Select Object > Role > Role.
  2. Click New.

  3. Click OK.

Mapping to a Role Mapping Rule

You can map the role to a user, user group, CN or OU either through this function or through Creating a Role Mapping Rule. After creating a role mapping rule, you can click Mapping To to map the selected role again.

To map the selected role again, take the following steps:

  1. Select Object > Role > Role.
  2. Select the role that needs to be mapped, and click Mapping To.

  3. In the Mapping name section, select the name of an existing mapping rule from the first drop-down list (for details on creating a role mapping rule, see Creating a Role Mapping Rule), and then select a user, user group, certificate name (the CN field of the USB Key certificate), organization unit (the OU field of the USB Key certificate) or any from the second drop-down list. If User, User group, CN or OU is selected, also select or enter the corresponding user name, user group name, CN or OU in the box that follows.

  4. Click Add to add to the role mapping list.

  5. If needed, repeat Step 3 and Step 4 to add more mappings. To delete a role mapping, select the role mapping you want to delete from the mapping list, and click Delete.

  6. Click OK.

Creating a Role Mapping Rule

To create a role mapping rule, take the following steps:

  1. Select Object > Role > Role Mapping.
  2. Click New.
  3. Type the name for the role mapping rule into the Name box.

  4. In the Member section, select a role name from the first drop-down list, and then select a user, user group, certificate name (the CN field of the USB Key certificate) or organization unit (the OU field of the USB Key certificate) from the second drop-down list. If User, User group, CN or OU is selected, also select or enter the corresponding user name, user group name, CN or OU in the box that follows.

  5. Click Add to add to the role mapping list.

  6. If needed, repeat Step 4 and Step 5 to add more mappings. To delete a role mapping, select the role mapping you want to delete from the mapping list, and click Delete.

  7. Click OK.

Creating a Role Combination

To create a role combination, take the following steps:

  1. Select Object > Role > Role Combination.
  2. Click New.

  3. Click OK.
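
The following is an added example, not StoneOS code or part of the original help page: a simplified Python model of the role mapping and role combination described above, for reviewing which roles an identity ends up with and for listing `any` entries that give a role to every user. The class, function and role names are assumptions, as is the binary reading of NOT (first role held, second role not held).

```python
from dataclasses import dataclass

# Simplified model (assumption): each mapping entry binds one role to a
# user, user group, certificate CN, certificate OU, or "any".
@dataclass(frozen=True)
class Mapping:
    role: str
    kind: str        # "user" | "user-group" | "cn" | "ou" | "any"
    value: str = ""  # unused when kind == "any"

@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset = frozenset()
    cn: str = ""     # CN field of the USB Key certificate
    ou: str = ""     # OU field of the USB Key certificate

def matches(m, who):
    if m.kind == "any":
        return True
    if m.kind == "user-group":
        return m.value in who.groups
    field = {"user": who.user, "cn": who.cn, "ou": who.ou}
    if m.kind not in field:
        raise ValueError(f"unknown match type: {m.kind}")
    # An empty value never matches, so a blank CN/OU cannot grant a role.
    return bool(m.value) and m.value == field[m.kind]

def resolve_roles(rule, who):
    """Roles the identity receives from one mapping rule."""
    return {m.role for m in rule if matches(m, who)}

def combine(roles, first, op, second, result):
    """Add `result` when the combination holds (assumed binary semantics)."""
    a, b = first in roles, second in roles
    hit = {"AND": a and b, "OR": a or b, "NOT": a and not b}[op]
    return set(roles) | {result} if hit else set(roles)

def broad_mappings(rule):
    """Entries that hand a role to every user; review these first."""
    return [m for m in rule if m.kind == "any"]

# Constructed sample rule and identities (not taken from a real device).
RULE = [
    Mapping("role-eng", "user-group", "engineering"),
    Mapping("role-vpn", "ou", "Remote"),
    Mapping("role-guest", "any"),
]
ALICE = Identity("alice", frozenset({"engineering"}), cn="alice", ou="Remote")
BOB = Identity("bob", frozenset({"sales"}), cn="bob", ou="HQ")
```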