Role-based Permissions and Access

Contents

  1. Creating a Role based group
  2. Assigning a group to a user or set of users
  3. Adding Users from the Groups page
  4. Cloning Permission Groups

Role-based access can be defined at either the group or user level. If you have many users but a much smaller numbers of different permissions sets, it would make sense to use groups. In the example below, we will create a group with IP address management permissions only.

Creating a Role based group

Creating a Role based group

First, enter a name for the group.

In the “Available Permissions” box, you will see all the available permissions. You can narrow down the permissions by the search box. In the above example, we searched for all permissions that start with “ip” (not case sensitive).

Select the permissions you would like to grant the members of this group by multi-selecting and clicking the arrow in the middle pointing to the “Chosen Permissions” box.

In the image above, we have added a number of IP-related permissions and are about to add some DNS-related permissions.

And now some VLAN permissions.

Assigning a group to a user or set of users

Assigning a group to a user or set of users

You can go edit the user properties and assign the newly created group. Once you click Save, this user will now have restricted permissions.

Please make sure the Superuser Status checkbox is unchecked before you Save.

Once the user logs in, the menu they see will be limited the permissions that you have assigned to the user or to the user’s group(s).

Importantly, these permissions will apply to Imports and API calls also.

In the example, above the user see a reduced set of menu items.

Also, as shown in the screen shot above, this user will not be able to add devices in the IP address edit form because this user does not have permission to edit devices or mac addresses but the user does have permission to edit subnets.

Adding Users from the Groups page

Adding Users from the Groups page

The example above show how you can create a group and then go to the Users pages and create users. However, it is not necessary to go to the Users pages. You can add users to a group directly from the group edit page as shown above.

Cloning Permission Groups

Cloning Permission Groups

You can also clone Permission groups using the “Save as new” option. This will make it easier if you want to start from the System generated groups and add your own permissions to create groups.