Role Based Access Control (RBAC)


Role Based Access Control - Enterprise Edition

If you have logged into Sawmill as the Root Administrator, you can set up Roles for the other users. Once you are in Admin, select "Roles" and you will see:

This is where you define Roles for your other users. A role defines the permissions to view/access features and to edit/add/delete objects. A role does not define access to specific profiles; it only specifies which features can be accessed and the permissions a user has per feature (edit/add/delete). Sawmill provides two default roles after installation, Manager and Statistics Visitor. Both roles can be renamed as you wish and given whatever feature set is appropriate.

Users are defined by username and password. Select "Users" in the menu, next to "Roles", and you will see:

Select a username and password, and then define the profiles and roles associated with that name. These are assigned in pairs, each with one or more profiles and one or more roles. You can assign any number of access pairs; there is no limit. For instance, you can have a user that can access profile A and profile B using Role A. That user could also have access to profile C with Role B. There is no limit on the combinations of access pairs, and the same profile can be part of several access pairs.

RBAC allows you to hide specific report values in table columns or graphs by setting grants for specific field categories, such as IP address, hostname, user, etc. All field categories are disabled by default, so they are not visible in roles and they are not functional. They are disabled because some field categories, such as date/time or day of week, are unlikely ever to be granted, and because a Root Administrator may not use grants for field categories at all. You can enable or disable field categories by opening field_categories.cfg, within the LogAnalysisInfo directory, with a text editor and changing the "active_in_rbac" value to true or false. Once a field category is enabled, it is visible in roles within the reports tab, and any report value of that field category is hidden unless the field category's view/access permission is checked within the role.
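A small audit for the setting described above, as an added example (not Sawmill's own code): it reads the text of field_categories.cfg and lists the categories you intend to restrict whose "active_in_rbac" value is not true, meaning their grants are not functional. The nested layout of the sample file and the category node names are assumptions; check them against your own file.

```python
import re

# Constructed sample. The nested "name = { ... }" layout and the category
# node names are assumptions; only "active_in_rbac" comes from the page.
SAMPLE_CFG = '''
field_categories = {
  ip_address = {
    label = "IP address"
    active_in_rbac = "true"
  }
  hostname = {
    label = "Hostname"
    active_in_rbac = "false"
  }
  user = {
    label = "User"
  }
}
'''

OPEN = re.compile(r'^\s*([\w.]+)\s*=\s*\{\s*$')
FLAG = re.compile(r'^\s*active_in_rbac\s*=\s*"?(true|false)"?\s*$', re.I)

def rbac_state(cfg_text):
    """Map each category node to its active_in_rbac value (default False)."""
    state, stack = {}, []
    for line in cfg_text.splitlines():
        m = OPEN.match(line)
        if m:
            stack.append(m.group(1))
            if len(stack) == 2:           # direct child of the top-level group
                state[stack[-1]] = False  # page: disabled by default
        elif line.strip() == '}':
            if stack:
                stack.pop()
        else:
            f = FLAG.match(line)
            if f and len(stack) == 2:
                state[stack[-1]] = f.group(1).lower() == 'true'
    return state

def unprotected(cfg_text, must_hide):
    """Categories you intend to restrict whose grants are not functional."""
    state = rbac_state(cfg_text)
    return sorted(c for c in must_hide if not state.get(c, False))

if __name__ == '__main__':
    print(unprotected(SAMPLE_CFG, {'ip_address', 'hostname', 'user'}))
```

A category that is missing from the file, or that has no "active_in_rbac" line, is reported as not enabled, so a typo in the category name shows up in the result rather than passing silently.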

RBAC in the Professional Version

RBAC is available in the Pro version, but limited as follows:

  • Users Page: each user is limited to a single access pair.
  • Roles Page: you can only have two roles; they can be edited, but roles cannot be added or deleted.