User Group Permissions

User Group Permissions

Nodegrid allows you to create users and groups, and set the appropriate permissions for them.

For example, user John belongs to group system-test, and the this group will be able to configure Nodegrid, track system information, and terminate session.

Here is the configuration for this scenario:


Configuration via WebUI

1. Log in as admin, and go to Security page.

2. In Local Accounts page, click on Add button.

3. Enter username john, and his password, e.g., john. Save.

4. Then go to Authorization.

5. Click on Add and enter the group name, e.g. system-test.

6. Then click on the name system-test.

7. Click on Add in Members page, and add john moving from the left to the right list. Save.

8. Click on Profile, and move the following permissions from the left to the right list:

- Configure System

- Track System Information

- Terminate Sessions

and Save.

9. Click on Devices, and then Add. Move the devices from the left to the right list. Save.

10. After that go to Services, and enable "Device access enforced via user group authorization" parameter. Save.


Configuration via CLI

1. Access Nodegrid via ssh, telnet, or console and log in as admin

2. Copy the following lines below, and paste them at the CLI prompt:

add /settings/local_accounts/

set username=john

set password=john

commit


add /settings/authorization/

set name=system-test

commit


add /settings/authorization/system-test/members

set local_users=john

commit


set /settings/authorization/system-test/profile/ configure_system=yes

set /settings/authorization/system-test/profile/ track_system_information=yes

set /settings/authorization/system-test/profile/ terminate_sessions=yes

commit


set /settings/authorization/system-test/profile/ devices=<device1>,<device2>,<device3>

commit


set /settings/services/ device_access_per_user_group_authorization=yes

commit


Note: you can also add remote users (e.g, from Radius, Tacacs+, LDAP/AD user database) to the Nodegrid User Groups.

In step 7 (from Configuration via WebUI), add the remote users in the 'Remote Users' field, separated with comma.

To add remote users via CLI, then type the following:

add /settings/authorization/system-test/members

set remote_users=usera,userb,userc

commit


    • Related Articles

    • How to Configure Active Directory or LDAP Authentication Provider

      Version 0.1 (08 May 2018) Overview NodeGrid supports the authentication and authorization of users through different authentication providers, like LDAP. This guide will look at the different authentication options which are available with LDAP or AD ...
    • Message: Error Reading SSH Protocol Banner

      Nodegrid allows 10 ssh connections enqueued during protocol negotiation phase. So if you launch more than 10 ssh sessions in parallel, there is a chance that some will be denied. This is a regular approach taken by ssh daemon to prevent denial of ...
    • Network Configuration via CLI

      Example of configuring the ETH0 interface via CLI (please, replace the network values with your own information). Log in as admin to the Nodegrid console port or HDMI Type the following commands (in bold): [admin@nodegrid /]# cd ...
    • Wireguard Configuration

      Wireguard Configuration Last Tested in Nodegrid Version 4.1.9 Overview Wireguard is a current tunnel solution which is part of current Linux distributions. The Solutions are making its way into the some business applications and is for example ...
    • Ansible configuration on remote Nodegrid devices

      Ansible playbook can be used to automate remote devices. Every remote device needs to have one ansible user to apply the automation. Follow this script to have complete configuration of ansible user, ssh keys, sudo permission on remote Nodegrid ...