This section explains how to assign system permissions to group profiles. You can manage user access using permission sets without changing the user profiles. The following table lists:
Available permissions for users.
Description of the permission.
Web UIs and commands demonstrating the functions enabled for the user when each corresponding permission is enabled.
Permission | Description | Commands Enabled |
|---|
Track System Information | Allows access to track information about the Nodegrid devices and the devices connected to them. The information includes the Event List, System Usage, Discovery Logs, and so on as indicated in the following figure. | event_list
routing_table
system_usage
discovery_logs
serial_statistics
serial_ports_summary
lldp
ipsec_table
mac_table
wireguard
hotspot
qos
dhcp
dhcp_ranges
flow_exporter
network_statistics
network_failover_status
network_failover_history
switch_statistics
mstp_statistics
usb_devices
usb_serial_stats
wireless_modem
gps
geo_fence
bluetooth
scheduler_logs
hw_monitor
zpe_cloud
about
firewall_table
nat_table
|
Terminate Sessions | Allows to terminate any open Nodegrid sessions. | cluster_peers
cluster_clusters
open_sessions
device_sessions
about
|
Software Upgrade and Reboot System | Allows to upgrade and reboot the Nodegrid software. | toolkit
about
|
Configure System | Allows to configure the system. | system/about/
system/fips/
settings/zpe_cloud
settings/fips_140
settings/license
settings/flow_exporter
settings/qos
settings/system_preferences
settings/slots
settings/custom_fields
settings/remote_file_system
settings/system_logging
settings/date_and_time
settings/ntp_authentication
settings/ntp_server
settings/dial_up
settings/sms_settings
settings/sms_whitelist
settings/scheduler
settings/devices
settings/types
settings/auto_discovery
settings/power_menu
settings/devices_session_preferences
settings/devices_views_preferences
settings/cluster
settings/network_settings
settings/network_connections
settings/network_failover
settings/switch_interfaces
settings/switch_backplane
settings/switch_vlan
settings/switch_global
settings/switch_acl
settings/switch_lag
settings/switch_mstp
settings/switch_port_mirroring
settings/switch_dhcp_snooping
settings/802.1x
settings/static_routes
settings/hosts
settings/snmp
settings/dhcp_server
settings/dhcp_relay
settings/authentication
settings/ipv4_firewall
settings/ipv6_firewall
settings/ipv4_nat
settings/ipv6_nat
settings/ssl_vpn
settings/central_management
settings/ipsec
settings/wireguard
settings/frr
settings/routing
settings/wireless_modem
settings/services
settings/certificates
settings/geo_fence
settings/auditing
If you select the option Restrict Configure System Permission to Read Only, all commands from the above list are disabled except for:
acknowledge_alarm_state
edit
event_system_audit
|
Configure User Accounts | Allows to configure users and groups such as admin users, root users, and so on. To enable Configure User Accounts, Configure System Settings must also be enabled. | system/about/
system/fips/
settings/zpe_cloud
settings/fips_140
settings/license
settings/flow_exporter
settings/qos
settings/system_preferences
settings/slots
settings/custom_fields
settings/remote_file_system
settings/system_logging
settings/date_and_time
settings/ntp_authentication
settings/ntp_server
settings/dial_up
settings/sms_settings
settings/sms_whitelist
settings/scheduler
settings/devices
settings/types
settings/auto_discovery
settings/power_menu
settings/devices_session_preferences
settings/devices_views_preferences
settings/cluster
settings/network_settings
settings/network_connections
settings/network_failover
settings/switch_interfaces
settings/switch_backplane
settings/switch_vlan
settings/switch_global
settings/switch_acl
settings/switch_lag
settings/switch_mstp
settings/switch_port_mirroring
settings/switch_dhcp_snooping
settings/802.1x
settings/static_routes
settings/hosts
settings/snmp
settings/dhcp_server
settings/dhcp_relay
settings/local_accounts
settings/password_rules
settings/authorization
settings/authentication
settings/ipv4_firewall
settings/ipv6_firewall
settings/ipv4_nat
settings/ipv6_nat
settings/ssl_vpn
settings/central_management
settings/ipsec
settings/wireguard
settings/frr
settings/routing
settings/wireless_modem
settings/services
settings/certificates
settings/geo_fence
settings/auditing
|
Apply & Save Settings | Executes Nodegrid device configurations Apply settings and Save Settings. | toolkit
about
|
Shell Access | Enables shell access to the Nodegrid device. | about
|
Manage Devices | Enables access to devices connected to the Nodegrid device. Enabling manage devices will require enabling at least one of the following permissions at the device level. Device permissions include: You can enable either Manage Devices or Configure System permission. Both these permissions cannot be selected together for a device. | access/
management/
logging/
custom_fields/
commands/
|
Procedure
To configure a user profile:
Go to Security :: Authorization.
Click on the Group Name.
Click on the Profile sub-tab.
In the System Permissions menu:
To add, select from the left-side panel, and click Addâ–º to move to the right-side panel. To remove from the right-side panel, select, and click â—„Remove.
Select Restrict Configure System Permission to Read Only checkbox (granted system settings are visible but cannot be changed)
In the Profile Settings menu:
Select the Menu-driven access to devices checkbox (group members presented a target menu when SSH connection to the Nodegrid device is established).
Select the Sudo permission checkbox (users can execute sudo commands).
Select the Custom Session Timeout checkbox (enables a custom session time).
Set Timeout [seconds].
On the Startup application menu, select one (Cli, Shell).
In the Devices Related Events menu, enter Email Events to (comma-separated)
Email Event Categories and Email Destinations are configured in the Auditing section.
Click Save.
.png "tracking(1).png"){kind=tracking}
