User Group Permissions

User Group Permissions

Nodegrid allows you to create users and groups, and set the appropriate permissions for them.

For example, user John belongs to group system-test, and the this group will be able to configure Nodegrid, track system information, and terminate session.

Here is the configuration for this scenario:


Configuration via WebUI

1. Log in as admin, and go to Security page.

2. In Local Accounts page, click on Add button.

3. Enter username john, and his password, e.g., john. Save.

4. Then go to Authorization.

5. Click on Add and enter the group name, e.g. system-test.

6. Then click on the name system-test.

7. Click on Add in Members page, and add john moving from the left to the right list. Save.

8. Click on Profile, and move the following permissions from the left to the right list:

- Configure System

- Track System Information

- Terminate Sessions

and Save.

9. Click on Devices, and then Add. Move the devices from the left to the right list. Save.

10. After that go to Services, and enable "Device access enforced via user group authorization" parameter. Save.


Configuration via CLI

1. Access Nodegrid via ssh, telnet, or console and log in as admin

2. Copy the following lines below, and paste them at the CLI prompt:

add /settings/local_accounts/

set username=john

set password=john

commit


add /settings/authorization/

set name=system-test

commit


add /settings/authorization/system-test/members

set local_users=john

commit


set /settings/authorization/system-test/profile/ configure_system=yes

set /settings/authorization/system-test/profile/ track_system_information=yes

set /settings/authorization/system-test/profile/ terminate_sessions=yes

commit


set /settings/authorization/system-test/profile/ devices=<device1>,<device2>,<device3>

commit


set /settings/services/ device_access_per_user_group_authorization=yes

commit


Note: you can also add remote users (e.g, from Radius, Tacacs+, LDAP/AD user database) to the Nodegrid User Groups.

In step 7 (from Configuration via WebUI), add the remote users in the 'Remote Users' field, separated with comma.

Note: this setting is case sensitive and must match the exact value as given by by the remote authentication service.

To add remote users via CLI, then type the following:

add /settings/authorization/system-test/members

set remote_users=usera,userb,userc

commit


    • Related Articles

    • Role Based Access Administration

      Role Based Access Administration & User Configuration On the Nodegrid, you could give limited access to certain users based on their roles within certain groups. Let's say, you want give the Cisco managers access only the Cisco Routers & Switches, ...

    • How to Configure Active Directory or LDAP Authentication Provider

      Version 0.1 (08 May 2018) Overview NodeGrid supports the authentication and authorization of users through different authentication providers, like LDAP. This guide will look at the different authentication options which are available with LDAP or AD ...

    • How to: Add Devices to a Group in ZPE Cloud

      Adding devices to specific groups in ZPE Cloud helps organize and manage your network infrastructure effectively. By assigning devices to a group, you can control access and visibility of devices for users in that group. Here's a step-by-step guide ...

    • How to: Create a ZPE Cloud accounts for the same domain for different company entities

      To create ZPE Cloud users, you must have a ZPE Cloud account. ZPE Cloud accounts are bonded to your company. Company is the denomination of your tenant in ZPE Cloud. The ZPE Cloud account manages the ZPE Cloud company. 1. Access zpecloud.com or ...

    • How to configure Nodegrid for OKTA in cluster

      Single Sign-on (SSO) enables users to authenticate with multiple applications using only one set of credentials. Nodegrid can also be configured for OKTA in cluster so okta user can login in the coordinator and the user can access the connected ...