Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

Roles define the system features and commands users can access. Each user is assigned a set of permissions, or role.

Lumeta comes with three pre-defined roles that you can assign to a user. You can assign all three rolls to a user, two of the roles to a user, or none of the rolls to a user.

SysAdmin - Manages the system. Is concerned with details at device level (i.e., software and hardware). Can manage the Lumeta System (Installation of License, Upgrading the System, Configuring CEF, Resetting the IP, Restarting services or system). The SysAdmin cannot log in to the Lumeta GUI unless he or she has also been given the Viewer role, the Manager role, or has been flagged as a superuser.

Manager - Concerned with Lumeta-specific details. Manages the Organization to which he/she belongs. Creates zones and collectors, assigning roles to users, subscribes to notifications, configures dashboards.
Manager can access GUI for the following functionality:

  • Can modify users – can edit the roles and password of a user.
  • Can add/modify/delete zones

  • Can add/modify collectors (and all its sub functionality)

  • Can configure notifications

  • Can not configure CEF notifications

  • Can view reports, maps and zones

Manager can access the following commands in CLI:

Viewer - Read only. User cannot manipulate zones or Lumeta system software or hardware. Views the organization to which he/she belongs. Can view zones, collectors, maps, and dashboards.

  • Viewer cannot run postinstall_wizard
  • Viewer can access limited GUI and can only access Notifications under Admin dropdown menu
  • Can click on Dashboard, Maps, Zones, Notifications menu item
  • Viewer can access the following commands in CLI:
  • collector list
  • Lumeta - cannot run this command
  • og – cannot run this command
  • organization active
  • organization list
  • role list
  • system {hardware_id, interface, type, version}
  • user list
  • user password (only his own)
  • zone list

    Image Added

    Permissions

    • GREEN: If the role can perform the task
    • RED: If the role is not allowed to perform the task
    • A user with ONLY the SysAdmin Role will not be allowed to log in to GUI.
    • A user with the superuser flag is allowed EVERYTHING

    ...