Nodegrid allows you to create users and groups, and set the appropriate permissions for them.
For example, user John belongs to group system-test, and the this group will be able to configure Nodegrid, track system information, and terminate session.
Here is the configuration for this scenario:
Configuration via WebUI
1. Log in as admin, and go to Security page.
2. In Local Accounts page, click on Add button.
3. Enter username john, and his password, e.g., john. Save.
4. Then go to Authorization.
5. Click on Add and enter the group name, e.g. system-test.
6. Then click on the name system-test.
7. Click on Add in Members page, and add john moving from the left to the right list. Save.
8. Click on Profile, and move the following permissions from the left to the right list:
- Configure System
- Track System Information
- Terminate Sessions
9. Click on Devices, and then Add. Move the devices from the left to the right list. Save.
10. After that go to Services, and enable "Device access enforced via user group authorization" parameter. Save.
Configuration via CLI
1. Access Nodegrid via ssh, telnet, or console and log in as admin
2. Copy the following lines below, and paste them at the CLI prompt:
set /settings/authorization/system-test/profile/ configure_system=yes
set /settings/authorization/system-test/profile/ track_system_information=yes
set /settings/authorization/system-test/profile/ terminate_sessions=yes
set /settings/authorization/system-test/profile/ devices=<device1>,<device2>,<device3>
set /settings/services/ device_access_per_user_group_authorization=yes
Note: you can also add remote users (e.g, from Radius, Tacacs+, LDAP/AD user database) to the Nodegrid User Groups.
In step 7 (from Configuration via WebUI), add the remote users in the 'Remote Users' field, separated with comma.
To add remote users via CLI, then type the following: