Role attributes
SoftWLC platform administrator
The privilege implies full access to the system including Admin Panel and Portal Constructor system settings.
Admin Panel
Additional role parameters
Attribute | Description |
'Digits only' format of password for Wi-Fi users | When checked, only digits can be used for Wi-Fi users' passwords. |
Length of password for Wi-Fi users | Minimum length of Wi-Fi users'passwords. |
Show passwords of Wi-Fi users | Permission to view passwords to Wi-Fi users' accounts. |
Show IP addresses of access points | When checked, an additional column containing IP addresses of access points is displayed in the table of access points. |
Show tariff of Wi-Fi users | Permission to view tariffs in Wi-Fi users' accounts. |
WiFi B2B Admin Panel tabs
There are several privilege levels:
- this option is not available for the user
- permission to view
- permission to edit
Section | Page | Description |
Services and tariffs | Tariffs | Setting tariffs for Wi-Fi users connection |
PCRF services | Configuring services used in BRAS (PCRF) tariffs | |
PCRF scenarios | Configuring scenarios used in BRAS (PCRF) | |
Wi-Fi users | Enterprise Users | The table of 'enterprise' users that authorize on Eltex access points via EAP (RADIUS) |
Hotspot users | The table of 'hotspot' users that authorize on Eltex and other access points via BRAS (PCRF) using Eltex.Portal. | |
Vouchers | The table of randomly generated users. | |
Blocking Account | Configuring black lists of MAC addresses. | |
Block by def | Configuring access lists of clients' phone numbers | |
Top active users Enterprise | Monitoring and blocking of Enterprise users with maximum traffic consumption | |
Top active users Hotspot | Monitoring and blocking of Hotspot users with maximum traffic consumption | |
Event log | Event log | System events log |
Wi-Fi users event log | The log contains Wi-Fi users' accounts changes parformed by system administrators | |
Scheduler | Scheduler | Scheduled operations management |
Reference | Contact technical support | Tech support request form |
Feedback/claims | Feedback/Claim submit form | |
Access points | Devices | The table contains a list of access points and consolidated information on them |
Problem devices | The table contains a list of emergency (unavailable) access points | |
Offices status | The table contains integrated figures and status of offices with access points installed | |
Map | The map on which access points are displayed according to their geodata. | |
SMS statistic | SMS statistic by time | The page with charts showing SMS sent at specific times. |
SMS statistic by group | The table with SMS sending statistics | |
Outgoing SMS | The table showing sent SMS and their status. | |
PCRF settings | L2 subnetworks | L2 subnetworks are created in this tab |
PCRF info | Information on CoA requests status and BRAS sessions statistics | |
CoA log | Information on CoA requests status between PCRF and BRAS | |
MAC addresses | Information on clients' MAC addresses | |
URL lists | URL lists for BRAS | |
Statistic of a provider | Quotas | Information on Admin Panel users |
Summary data | General information about the system state | |
Graphic | Information on the Wi-Fi platform operation in graphic form | |
Session statistic profile | The table contains information on Wi-Fi users' sessions | |
SSID Groups | Information on the whole network in relation to SSID | |
AP groups | Statistics on access points groups | |
Access points | Information on a status of access points installed on the network | |
Confirmation methods | Statistics on Wi-Fi users authorization ways | |
Advertising platform | Advertising platform | Configuring integration with advertising platforms |
Enterprise statistics | Traffic | Traffic statistics for 'enterprise' users |
User sessions | Session statistics for 'enterprise' users | |
Hotspot statistics | Users | Statistics on the number of 'hotspot' users |
Service | Statistics on providing 'hotspot' users with services | |
Traffic | Traffic statistics for 'hotspot' users | |
Re-visits | Statistics on 'hotspot' users' revisits | |
User sessions | Session statistics for 'hotspot' users | |
Portal Constructor | Portal Constructor | The button to go to the Portal Constructor from the Admin Panel |
Wireless networks | Wireless networks | The section for SSID wireless networks configuration |
Settings | System users | Configuring accounts for Admin Panel and Portal Constructor users |
System roles | Configuring roles for Admin Panel and Portal Constructor users | |
RADIUS clients | NAS table for eltex_auth_service |
Portal Constructor
Virtual portals management
The privilege gives the right to create, delete or edit virtual portals' names and domains.
Access to Portal Constructor sections
There are several privilege levels:
- this option is not available for the user
- permission to view
- permission to edit
Permission to view is given to any user by default.
Section | Description |
Gallery | This option gives an opportunity to work with the image gallery. |
Advertising platforms | Access to advertising platforms configuration. This section is located in virtual portal settings. |
System settings | The option allows changing Portal Constructor system settings. This privilege should not be given to average users. |
Payment service | This option gives rights to configure integration with payment services. The section is located in virtual portal settings. |
Appearance | Access to virtual portal appearance configuration. Since it is the main user function,the privilege is automatically added to any role, at least at a minimal level (viewing). |
Security settings | CAPTCHA algorithms and Wi-Fi users access lists settings. These settings are located in the section "Common settings". |
Common settings | Virtual portal settings section comprising specific parameters of each portal such as MAC address storage time, Mode, Additional pages. Antispam settings are also located there. |
Language settings | The option for portal settings that are specific for each language and not related directly to appearance. For example: SMS template, Redirection URL, Page titles. |
Tariffs | Access to portal tariffs configuration. The section is located in virtual portal settings. |
Description of the Admin Panel and the Portal Constructor users' default roles
A role is a set of attributes that allows structuring of the Wi-Fi B2B Admin Panel users' (operators') rights and simplifying rights configuration.Each system role contains a set of main attributes defining user rights in the systems "Wi-Fi B2B Admin Panel" and "Portal Constructor" and an expanded list of attributes that specifies user rights for each page of a system. All these allow creating a flexible Platform resources management scheme.
A set of default system roles is provided for the Admin Panel. Each role is preset for a user to be able to deal with necessary tasks.
default_platform_admin | Platform administration | Administrator of the SoftWLC platform. The role implies access to all system elements. |
default_provider | Adding new platforms for clients | Provider's staff member. Has rights to configure domains, tariffs, portals, roles and Admin Panel users. Wi-Fi users, all statistics. Does not have access to settings that have impact on the work of the system |
default_client_admin | Customizing some aspects of the system | A client's administrator. Has rights to create new enterprise users, vouchers, virtual portals settings and to gather client statistics |
default_client_marketer | Virtual portals customization | A client's marketer. Virtual portals configuration privileges, client statistics gathering |
default_client_employee | Monitoring | A client's staff member. Viewing portals, statistics, lists of Wi-Fi users |
provider_read_only | Monitoring | A provider's staff member_read only.Has permission to view domains, tariffs, portals, roles, Admin Panel users. Wi-Fi users, all statistics. Does not have access to settings. |
Converting roles to the default set
In the version SoftWLC 1.8, domain settings are put into the System users tab instead of the System roles. It helps to get rid of excessive roles that were created for each client of a provider within the context of previous versions. Hence conversion of roles created before to the default set is needed. That allows making roles and users management easier.
To convert existing roles to the default set automatically, the special script 'auth-roles-converter' was created. The scripts changes user roles according to the following rules:
- All roles having Admin Panel or Portal Constructor administration privileges (super users) are considered as equivalent to platform administrators. Users who had these roles get the role of the platform administrator (default_platform_admin). After that, an old role is deleted.
- Remaining roles are compared with client roles according to the following order: 'default_client_employee', 'default_client_marketer', 'default_client_admin'. If one of the default roles contains all privileges of a converted role, they can be considered as equivalent. In this case, users get an equivalent role, and an old role is removed.
- If roles are equivalent to no roles from the default set, all users having the role are assigned 'default_client_admin', an old role is also removed.
- The role 'default_provider' is not assigned by the script.
When started, the script will display a role conversion plan and wait for a confirmation. After confirmation, backups of tables containing data on system roles will be created. After that, conversion will be performed. Restart 'eltex-auth-service' process and tomcat7 on servers with the Admin Panel and the Portal Constructor.
To perform roles converting, the script auth-roles-converter
is used
When starting the script, specify login and password to access the database eltex_auth_service :
./auth-roles-converter -uroot -proot
During script execution, a list of offered changes will be displayed. If a decision to accept changes is made, a backup will be created, for example:
root@vagrant-ubuntu-trusty-64:/home/vagrant# ./auth-roles-converter -uroot -proot No replacement of default_provider2 with Eltex-Tab-Pcrf-Macs = 2. This role will be replaced by default_client_admin No replacement of providerdefault_ with Eltex-Tab-Pcrf-Macs = 2. This role will be replaced by default_client_admin Role client_admindefault_1 will be replaced with default_client_admin Role client_employeedefault_ will be replaced with default_client_employee Role client_marketerdefault_ will be replaced with default_client_marketer Role default_client_admin2 will be replaced with default_client_admin Role default_client_employee2 will be replaced with default_client_employee Role default_client_marketer2 will be replaced with default_client_marketer Role default_platform_admin2 will be replaced with default_platform_admin Role default_provider2 will be replaced with default_client_admin Role platform_admindefault_ will be replaced with default_platform_admin Role providerdefault_ will be replaced with default_client_admin Continue? [y/N] y SQL Dump of tables: radgroupreply, radgroupcommon, radusergroup is located at /home/vagrant/eltex_auth_service_backup.sql Replaced role client_admindefault_1 with default_client_admin for 1 users Replaced role client_employeedefault_ with default_client_employee for 1 users Replaced role client_marketerdefault_ with default_client_marketer for 1 users Replaced role default_client_admin2 with default_client_admin for 0 users Replaced role default_client_employee2 with default_client_employee for 0 users Replaced role default_client_marketer2 with default_client_marketer for 0 users Replaced role default_platform_admin2 with default_platform_admin for 0 users Replaced role default_provider2 with default_client_admin for 0 users Replaced role platform_admindefault_ with default_platform_admin for 1 users Replaced role providerdefault_ with default_client_admin for 1 users root@vagrant-ubuntu-trusty-64:/home/vagrant#
where
Role client_admindefault_1 will be replaced with default_client_admin
That means that no appropriate equivalents have been found for 'default_client_employee2', and it will be converted into 'default_client_employee'
No replacement of default_provider2 with Eltex-Tab-Pcrf-Macs = 2. This role will be replaced by default_client_admin
An appropriate replacement has not been found for 'default_provider2', it will be substituted by 'default_client_admin'
Continue? [y/N] y
Confirm the changes
SQL Dump of tables: radgroupreply, radgroupcommon, radusergroup is located at /home/vagrant/eltex_auth_service_backup.sql
Creating a dump
Replaced role client_admindefault_1 with default_client_admin for 1 users
Replacing 'client_admindefault_1' with 'default_client_admin' via user settings. After that, the role is removed from the system.