Users & Roles

DATAZONE Control features a role-based access control system. Users are assigned roles that define specific permissions for modules and functions.

Managing Users

Access user management via Settings > Users.

Creating a User

Click Add User
Enter the following information:

Field	Description
Username	Unique login name
Display Name	Name shown in the interface
Email	Email address
Password	Initial password
Roles	Assign one or more roles

Editing a User

Click on a user in the list
Modify the desired fields
Save the changes

Deactivating a User

Deactivated users can no longer log in but remain in the system (e.g., for audit purposes).

Managing Roles

Predefined Roles

Role	Description
Admin	Full access to all functions
Operator	Management of hosts and execution of actions
Viewer	Read-only access

Creating a Role

Navigate to Settings > Roles
Click Create Role
Assign a name
Assign permissions

Permissions

Permissions can be configured granularly per module and function:

Module Permissions

Permission	Description
`opnsense.view`	View OPNsense module
`opnsense.edit`	Edit firewalls
`opnsense.tunnels`	Create tunnels
`opnsense.shell`	Shell access
`pve.view`	View PVE module
`pve.edit`	Edit PVE hosts
`pbs.view`	View PBS module
`linux.view`	View Linux module
`linux.edit`	Edit Linux servers
`windows.view`	View Windows module
`windows.edit`	Edit Windows servers

Function Permissions

Permission	Description
`scripts.manage`	Create and edit scripts
`scripts.execute`	Execute scripts
`reports.manage`	Manage report templates
`reports.generate`	Generate reports
`checks.manage`	Manage health checks
`groups.manage`	Manage groups
`settings.manage`	Modify system settings
`users.manage`	Manage users and roles
`audit.view`	View audit log

Example Roles

Monitoring Team:

All *.view permissions
checks.manage
reports.generate

Network Admin:

opnsense.view, opnsense.edit, opnsense.tunnels, opnsense.shell
scripts.execute

Windows Admin:

windows.view, windows.edit, windows.tunnels, windows.shell
scripts.execute

Multi-Factor Authentication (MFA)

Enabling MFA

Click on your username (top right)
Select User Settings
Click Enable MFA
Scan the QR code with an authenticator app
Enter the 6-digit code to confirm

Supported Apps

Google Authenticator
Microsoft Authenticator
Authy
Any TOTP-compatible app

Resetting MFA

As an administrator, you can reset MFA for other users:

Open the user in the management panel
Click Reset MFA
The user can set up MFA again on their next login

Security Recommendation

Enable MFA for all users with administrative privileges. This protects against unauthorized access even if passwords are compromised.

Users & Roles ​

Managing Users ​

Creating a User ​

Editing a User ​

Deactivating a User ​

Managing Roles ​

Predefined Roles ​

Creating a Role ​

Permissions ​

Module Permissions ​

Function Permissions ​

Example Roles ​

Multi-Factor Authentication (MFA) ​

Enabling MFA ​

Supported Apps ​

Resetting MFA ​