# 06. Users and Security

## 1. User management

In `Users`:
1. create operator accounts,
2. reset/change passwords,
3. remove unused accounts.

Avoid using one shared account for multiple operators.

## 2. Public vs private radar

`Radar Visibility` controls radar access mode:
1. `Public` - no login required for radar view.
2. `Private` - login required.

This does not replace network-level controls (ports, firewall, binding).

## 3. Baseline hardening

1. Use a dedicated `AdminPort`.
2. Restrict admin port access at firewall level (LAN/VPN admin clients only).
3. Use a strong admin password.
4. Rotate password after deployment.
5. Do not expose admin panel publicly unless required.

## 4. Safe change procedure

1. Apply configuration change.
2. Save.
3. Restart service when required.
4. Verify:
   - radar endpoint works,
   - admin endpoint works,
   - authentication works.