Introduction to Tags

Managing a large number of clusters and nodes in GigaVUE-FM can be a daunting challenge. Using tags, GigaVUE‑FM lets you group similar types of clusters and objects such as ports, port groups, GigaSMART groups, GigaStreams, port pairs and maps. User-defined tags can be associated to clusters as well as other objects.

Note:  Starting in software version 5.10.xx, the number of tag Ids per object is not limited to any hard-coded number nor is the number of tag values per tag ID. However, the following numbers have been qualified: A maximum of 20 tag Ids per object and a maximum of 20 tag values per tag Id.

To create tag, you must be a user with fm_super_admin or a user with write access to the FM Security Management category. You can create the following types of tags:

  • Access Control Tags
  • Aggregation Tags

Based on the number of values they take, tags can be of the following types:

  • Single valued: If a tag id is single-valued, then the resource can be assigned only a single tag value.
  • Multi valued: If a tag id is multi-valued, then the resources can be assigned multiple tag values.

RBAC Tags (Access Control Tags)

Starting in software version 5.8.00, you can use tags for access control operations by associating tags to user groups. Access control tags control the way the users access the resources such as clusters, ports, port groups, GigaSMART groups, GigaStreams, port pair and map. You can use the tags for access control operations in the following ways:

  • To associate the resources in the system to tag keys and their associated values.
  • To associate the user groups in the system to tag keys and their associated values.

Thus, the tags for access control are associated to the resources as well as to the user groups. The users will be able to access the resources only if the tag value, by virtue of the user group they belong to, matches the tag value of the resources. Tag keys and the corresponding tag values are created in advance in the system. The tag keys are also associated to the tag values in advance.

When a user with a specific tag key and tag value creates a map, the tag key and tag value of the user is associated with the map that is created.

You can define the tag key and tag value depending on what the user is required to perform. Refer to the following examples:

User

User Group

Role

Tag Key and Tag Value

Accessibility

User 1

Super admin group

fm_super_admin

[Read/write access to all resources]

Tag Key = All

Tag Value = All

The user can:

  • add, edit, delete, view all resources
  • can add or modify users, and configure all AAA settings
  • associate any tag value to any of the resources.

User 2

Admin group

fm_admin

[Read access to FM Security Management Category]

[Read/Write access to all other categories]

 

Tag Key = All

Tag Value = All

The user can:

  • add, edit, delete, view all resources
  • cannot add or modify users and cannot configure the AAA settings
  • can change his own password
  • associate any tag value to any of the resources.

User 3

View only user group

fm_user

[Read access to all resources]

 

Tag Key = All

Tag Value = All

The user

  • can only view all the resources. The role does not allow the user to add, edit or delete resources
  • cannot associate tag keys to the resources

User 4

Custom user group

Custom role

[Read/Write access to resources that belong to Physical Device Infrastructure Management]

 

 

Tag Key = Specific tag keys based on the resources to be controlled by the admin user (example location)

Tag Value = All

The user can:

  • manage the resources for which the user has permission depending on their role
  • can tag/untag ports and other resources for which the user has permission, depending on the role

User 5

Custom user group

Custom role

[Read access to resources that belong to Physical Device Infrastructure Management

Read/write access to resources that belong to Traffic Control Management Resources]

 

Tag Key = Specific tag keys based on the resources to be controlled by the admin user (example location)

Tag Value = Specific location, e.g. Dubai

The user can:

  • use the resources that belong to the location Dubai
  • create a map using the port that has location=Dubai (tag key and value). The map that gets created will have the same tag location=Dubai automatically.

  • cannot tag/untag ports and other resources for which the user has permission, depending on the role

 

 

User Association with Roles and Tags

Refer to the Create User Groups section for more details about roles and tags.