cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

77
Views
0
Helpful
2
Replies
Beginner

PI 3.0 and customized access rights??

Hi,

I've tried to find documentation which maps PI3.0 group rights to exact functions/menus, but no success so far. I'm looking similar documentation as LMS4.2 has when doing external AAA authentication/authorization for PI users with custom rights per domain.

Just wondering if such documentation really exists...?

/Mikko

2 REPLIES 2
VIP Mentor

Hey I thought you could do

Hey I thought you could do this by assigning certain users to certain groups not sure how customizable it is but you should be able to restrict them to monitoring fi your concerned about users making changes and effecting the system

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/administrator/guide/PIAdminBook/maint_user_access.html#57140

Table 11-1 Default User Groups

User Group
Provides access to
Editable?

Admin

All Prime Infrastructure administration tasks.

Yes

Config Managers

All monitoring and configuration tasks.

Yes

Lobby Ambassador

User administration for Guest user only.Members of this user group cannot also be members of any other user group.

No

Monitor Lite

Monitoring of assets only. Members of this user group cannot also be members of any other user group.

No

NBI Credential

The Northbound Interface Credential API.

No

NBI Read

The Northbound Interface Read API.

No

NBI Write

The Northbound Interface Write API.

No

North Bound API User

All Northbound InterfaceAPIs. Members of this user group cannot also be members of any other user group. This is a special group that lacks access to the Prime Infrastructure user interface; see “North Bound API User Group” in Related Topics.

No

Root

Superuser access to the web root user. This user group is reserved for the local root user only; no other users should be assigned to this user group.

No

Super Users

All Prime Infrastructure tasks.

Yes

System Monitoring

Monitoring tasks only.

Yes

User Assistant

Local Net user administration only. Members of this user group cannot also be members of any other user group.

No

User-Defined 1

A user-selectable mix of functions.

Yes

User-Defined 2

User-Defined 3

User-Defined 4

mDNS Policy Admin1

All mDNS policy administration functions only.

No

Highlighted
Beginner

Hi Mark,

Hi Mark,

Yes, I know these options, but problem is that I'm using external AAA and User Defined group for customized access rights. Problem is that these 'Tasks' are not that descriptive and not clearly correlated to menu/function structure in PI.

For example if I want to allow user to configure network devices using templates, per access request, it requires access rights to "Features & Technologies", but looking into group configuration, which task in "Network Configuration" points to that (without doing some predictive guessing ;) ).

So what I'm looking for is similar documentation for PI as LMS has (Understanding LMS Tasks) - and have not seen such (yet).

/Mikko

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards