...
Roles define the system features and commands users can access. Each user is assigned a set of permissions, or role. Lumeta comes with three pre-defined roles that you can assign to a user. You can assign all three roles to a user, two of the roles to a user, or none of the roles to a user.
- SysAdmin - Manages the system. Is concerned with details at device level (i.e., software and hardware). Can manage the Lumeta System (Installation of License, Upgrading the System, Configuring CEF, Resetting the IP, Restarting services or system). The SysAdmin cannot log in to the Lumeta GUI unless he or she has also been given the Viewer role, the Manager role, or has been flagged as a superuser.
- Manager - Concerned with Lumeta-specific details. Manages the Organization to which he/she belongs. Creates zones and collectors, assigns roles to users, subscribes to notifications, and configures dashboards.
Manager can access the following commands in CLI:
- Viewer - Read only. User cannot manipulate zones or Lumeta system software or hardware. Views the organization to which he/she belongs. Can view zones, collectors, maps, and dashboards.
Permissions
- GREEN: If the role can perform the task
- RED: If the role is not allowed to perform the task
- A user with ONLY the SysAdmin Role will not be allowed to log in to GUI.
- A user with the superuser flag is allowed EVERYTHING
The following chart can help answer role-related questions such as . . .
- Which role can subscribe to notifications? (superuser, Manager and Viewer)
- Which role can add Reports/Dashboards? (superuser, Manager and Viewer)
- When a user adds Reports/Dashboards, are they visible to other users who log in? (yes)
- Which role can perform OSPF and CEF configuration? (superuser)
...
- Add
...
- Modify
...
- Delete
...
- View
...
- Add
...
- Modify
...
- Delete
...
- View
...
- Add
...
- Modify
...
- Delete
...
- View
...
- Lumeta Systems
...
- OSPF Config
...
- CEF Notifications
...
- License Installation
...
- Upgrade
...
- Add/Modify/Delete Scouts
...
- View
...
- Browse Real-time
...
- Browse Historical
...
- Schedule
...
- Basic
...
- Advanced
...
- Add Dashboards
...
- Delete
...
- View
...
User Roles
Every GUI and CLI command calls an API. Every API call has either a single permission associated with it, or no permissions at all. If an API has no permission, or has the permission NONE, anyone can use that API.
Permission | Notes |
---|---|
NO_ACCESS | API is disabled |
NONE | No permission required (default) – Anyone can use the API |
VIEW_ZONE | Viewing reports and dashboards |
MANAGE_USERS | Adding and deleting users, assigning roles |
MANAGE_ZONES | Adding/deleting/configuring zones and collectors |
MANAGE_SYSTEM | All system-wide functions, like importing configs, starting/stopping services, etc. |
MANAGE_SCOUT | Interpreted as "manage remote" for adding and deleting remote systems |
BYPASS_ACCESS | Only superuser may use this API |
Every role has a group of permissions. If a user has a role, then that role's permissions define which APIs the user can call, and in turn which GUI and CLI commands. Superuser is not a role; it's a flag. When a user has the superuser flag enabled, the system bypasses (ignores) the roles and allows the user to run any API, and therefore any command. Some APIs require BYPASS_ACCESS permission, which means that only a superuser can use those APIs.
Role | Permissions |
---|---|
Manager | MANAGE_USERS, MANAGE_ZONES, VIEW_ZONE |
SysAdmin | MANAGE_SCOUTS, MANAGE_SYSTEM |
Viewer | VIEW_ZONE |
PortalUser | MANAGE_SCOUTS, VIEW_ZONE |
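
The permission check described above, written out in Python as an added example (not Lumeta code), with a small access-review helper that flags superuser and SysAdmin-only accounts. The function names and sample accounts are hypothetical, and treating NO_ACCESS as denied even for a superuser is an assumption the page does not confirm.

```python
# Added example modelling this page's role/permission rules; not Lumeta code.
ROLE_PERMISSIONS = {  # copied from the Role | Permissions table above
    "Manager": {"MANAGE_USERS", "MANAGE_ZONES", "VIEW_ZONE"},
    "SysAdmin": {"MANAGE_SCOUTS", "MANAGE_SYSTEM"},  # permission table spells it MANAGE_SCOUT
    "Viewer": {"VIEW_ZONE"},
    "PortalUser": {"MANAGE_SCOUTS", "VIEW_ZONE"},
}

def effective_permissions(roles):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    return perms

def can_call(required, roles=(), superuser=False):
    """Decide whether a user may call an API guarded by `required`."""
    required = required or "NONE"  # an API with no permission behaves like NONE
    if required == "NO_ACCESS":
        return False               # assumption: a disabled API is off for everyone
    if superuser:
        return True                # flag bypasses roles, including BYPASS_ACCESS
    if required == "NONE":
        return True                # anyone can use the API
    if required == "BYPASS_ACCESS":
        return False               # superuser-only API
    return required in effective_permissions(roles)

def review_accounts(users):
    """Return (name, finding) pairs worth checking in an access review."""
    findings = []
    for name, roles, superuser in users:
        if superuser:
            findings.append((name, "superuser flag: role checks are bypassed"))
        elif set(roles) == {"SysAdmin"}:
            findings.append((name, "SysAdmin only: cannot log in to the GUI"))
        elif not roles:
            findings.append((name, "no roles: limited to NONE-permission APIs"))
    return findings

# Constructed sample accounts (hypothetical names): (name, roles, superuser flag)
SAMPLE_USERS = [
    ("alice", ["Manager"], False),
    ("bob", ["SysAdmin"], False),
    ("carol", ["Viewer"], True),
    ("dave", [], False),
]
```
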
FAQs
- If a user needs access to all zones, view only, what access would they need?
- A user has admin right access, why can't that user see all zones?
- Is there any conflict or issue with multiple users logging into the same CC at the same time, under the default admin account?
...