Privileges Screens
2 minute read.
Do not edit the existing predefined administrator roles (Full Control Admin, Readonly Admin, and Sharing Admin)! Editing an unrestricted administrator account privilege can result in lost access to the system!
The Privileges screen shows pre-defined and user-configured roles defined on the system. The Privileges screens show the default administrator groups and roles and define customized groupings of roles for different local or directory service-imported account groups.
The new and edit privilege screens show the same settings but not all settings are editable.
TrueNAS Enterprise
Enterprise-licensed systems can enable Active Directory to provision groups in TrueNAS. To make this possible, join Active Directory, then go to System > Advanced Settings > Access and enable the Allow Directory Service users to access WebUI option. After enabling this, the Edit Privilege screen lists AD groups on the Groups dropdown list. See Allowing Directory Service Users to Access the UI for more information.
Add opens the New Privilege screen. The Edit icon opens the Edit Privilege screen for the selected privilege.
| Setting | Description |
|---|---|
| Name | Assigns the name entered to a new privilege. Names can include the dash (-) or underscore(_) special characters, and upper and lowercase alphanumeric characters. Enter a descriptive name for the privilege. Name shows on the Edit Privilege screen but is not editable. |
| Groups | Shows a list of groups configured on the system. Select a group from the dropdown list after clicking in the field. The privilege is applied to the selected group(s). |
| Roles | Select from a dropdown list of all available roles available to assign to the new privilege or change an existing privilege. Only the Readonly Admin, Sharing Admin, or Full Admin roles are supported in the web UI. |
| Web Shell Access | Select to allow a user to assign the new privilege access to the System > Shell screen. |
Assigned administrator roles show on the Users Screen.