Feature #736

closed

Privileges for accessing each service that uses the user manager

Added by Erik Fonnesbeck almost 14 years ago. Updated over 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date: 07/13/2010
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

Currently it isn't possible to restrict users to accessing only specific services, except when they have a separate requirement like needing a key or certificate. Any service enabled that does not have such a requirement will be accessible by any user added to the system. Things were already fixed so that users don't have SSH access unless it is granted to them; however, there are still other services that can be accessed by any user. The ones I know of offhand are the captive portal and I think also OpenVPN (if using user auth. without SSL/TLS).

Privilege settings could be added for each of these for allowing access to them, preventing users from having access to more than they should. In the case of captive portal and upgrading from 1.2.x, a group could be created that has the captive portal privilege assigned to it and the captive portal users being upgraded could be made members of the group.

If implemented for 2.0 and if it would be desired to not break existing configurations from 2.0 when people upgrade to a newer snapshot (requiring that they fix their users), a checkbox could be added on each service that has a privilege setting to enable checking the privileges, which would be checked in the default configuration and on upgrades from 1.2.x but left alone on existing 2.0 configurations. Not sure whether this last thing is really necessary, but I figured I'd just put the idea here anyway.
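The following is an added example, not part of the original ticket and not pfSense code: a small model of the proposal above, with a per-service privilege, a group created on upgrade from 1.2.x, and a per-service enforcement checkbox that stays off on existing 2.0 configurations. The privilege ids, config layout, group name, version label and function names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical privilege ids and config layout, for illustration only.
PRIV = {"captiveportal": "svc-captiveportal-login", "openvpn": "svc-openvpn-login"}

@dataclass
class Config:
    version: str                                  # release that last wrote this config
    users: dict = field(default_factory=dict)     # user -> directly assigned privileges
    groups: dict = field(default_factory=dict)    # group -> {"privs": set, "members": set}
    enforce: dict = field(default_factory=dict)   # service -> bool, the proposed checkbox
    legacy_portal_users: list = field(default_factory=list)  # 1.2.x portal accounts

def effective_privs(cfg, user):
    """Privileges held directly plus those inherited from group membership."""
    privs = set(cfg.users.get(user, ()))
    for group in cfg.groups.values():
        if user in group["members"]:
            privs |= group["privs"]
    return privs

def may_use(cfg, user, service):
    if user not in cfg.users:
        return False                              # unknown account: always denied
    if not cfg.enforce.get(service, True):        # checkbox defaults to checked
        return True                               # unchecked: old "any user" behaviour
    return PRIV[service] in effective_privs(cfg, user)

def upgrade(cfg):
    if cfg.version.startswith("1.2"):
        # Carry portal users over through a group that holds the portal privilege.
        for name in cfg.legacy_portal_users:
            cfg.users.setdefault(name, set())
        cfg.groups["captiveportal-users"] = {
            "privs": {PRIV["captiveportal"]},
            "members": set(cfg.legacy_portal_users),
        }
        cfg.enforce = {svc: True for svc in PRIV}
    else:
        # Existing 2.0 config: leave checking off so current users keep working.
        for svc in PRIV:
            cfg.enforce.setdefault(svc, False)
    cfg.version = "2.0-newer-snapshot"            # constructed label
    return cfg

if __name__ == "__main__":
    old = upgrade(Config("1.2.3", users={"admin": set()}, legacy_portal_users=["alice"]))
    print(may_use(old, "alice", "captiveportal"), may_use(old, "alice", "openvpn"))
```

In this model an existing 2.0 configuration keeps the permissive behaviour until an administrator turns checking on for a service, so the exposure described in the ticket persists there until that is done.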

Actions #1

Updated by Erik Fonnesbeck over 13 years ago

Captive portal part split off to #1010

Actions #2

Updated by Jim Pingle over 4 years ago

  • Category set to Authentication
  • Status changed from New to Resolved

This has been in place for some time now.
