Create Roles

This section describes the steps for creating roles and assigning users to those roles using the GigaVUE-FM UI.

Note:  Before creating roles, refer to About Role-Based Access.

GigaVUE-FM UI has three built-in roles for specifying which users have access to a given port. These roles are:

fm_super_admin — Allows a user to do everything in Fabric Manager, including adding or modifying users and configuring all AAA settings in the RADIUS, TACACS+, and LDAP tabs. Can change password for all users.
fm_admin — Allows a user to do everything in Fabric Manager except add or modify users and change AAA settings. Can only change own password.
fm_user — Allows a user to view everything in Fabric Manager, including AAA settings, but cannot make any changes.

Starting in software version 5.7, you can create custom user roles in addition to the default user roles in GigaVUE-FM. Access control for the default roles and the custom roles is based on the categories defined in GigaVUE-FM. These categories provide the ability to limit user access to a set of managed inventories such as ports, maps, cluster, whitelist and so on.

Note:  Custom roles are available to users with a prime package license. If you do not have a prime license, then GigaVUE-FM supports only the default roles mentioned above.

Refer to the following table for the various categories and the associated resources:

Note:  Hover your mouse over the resource categories in the Roles page to view the description of the resources in detail.

Category

Associated Resources

All

Manages all resources

A user with fm_super_admin role has both read and write access to this category.
A user with fm_user role has only read access to this category.

Physical Device Infrastructure Management

Manages physical resources such as devices, cards, ports, etc. You can add or delete a device in GigaVUE-FM, enable or disable cards, and modify port parameters. The following resources belong to this category:

Physical resources: Chassis, slots, cards, ports, port groups, port pairs, cluster config and so on
GigaVUE-FM inventory resources: Nodes and node credentials
Device configuration (backup/restore): System configuration
Device license configuration: Device/cluster licensing
Stats: Device, port
Tags: events, traffic analyzer, historical trending
Device security: SystemTime, System EventNotification, SystemLocalUser, System Security Policy Settings, AAA Authentication Settings, Device User Roles, LDAP Servers, RADIUS Servers, TACACS+ Servers
Device maintenance: Sys Dump, Syslog

Traffic Control Management

Manages flow maps and GigaSMART applications. The following resources belong to this category:

Infrastructure resources: IP interfaces, Circuit tunnels, Tunnel endpoints, Tunnel load balancing endpoints, ARP entries
GigaSMART resources: GigaSMART, GSgroups, vPorts, Netflow exporters
Map resources: Fabric, fabric resources, fabric maps, maps, map chains, map groups, Map templates
Application intelligence resources: Application visibility, Metadata, application filter resources
Tag
Active visibility

FM Security Management

Secures the GigaVUE-FM environment. Users in this category manage users and roles, AAA services and other security operations.

System Management

Controls system administration activities of GigaVUE-FM. Users in this category are allowed to perform operations such as backup/restore of GigaVUE-FM and devices, and upgrade of GigaVUE-FM. The following resources belong to this category:

FM System
Archive Servers
Image Servers

Whitelist/CUPS Management

Manages the whitelist used for GTP. The following resources belong to this category:

GTP whitelists
SIP whitelists
Diameter whitelists

Device Certificate Management

Manages GigaVUE-FM and device certificates. The following SSL security resources belong to this category:

Other Resource Management

Inline Networks, Inline Network Lags, Inline Network groups, and virtual and cloud resources

You can associate a custom user role with a single category or with a combination of categories; the association determines which resources the users with that role can access. For example, you can create a ‘Physical Devices Technician’ role such that the user associated with this role can only access the resources that are part of the Physical Device Infrastructure Management.

Note:  A user with fm_admin role has both read and write access to all of the categories, but has read-only access to the FM Security Management category.
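The following added example (not part of the GigaVUE-FM documentation or product) models the category-based access described above and lists which users can make changes in FM Security Management, which is a useful least-privilege check after creating custom roles. The dictionary layout, the rule that a user's roles combine as a union with write winning over read, the expansion of "All" into the other seven categories, the "AAA Operator" role and the user names are all assumptions made for illustration.

```python
# Added illustration; the dict layout is an assumption, not a GigaVUE-FM export format.
CATEGORIES = [
    "Physical Device Infrastructure Management",
    "Traffic Control Management",
    "FM Security Management",
    "System Management",
    "Whitelist/CUPS Management",
    "Device Certificate Management",
    "Other Resource Management",
]
SENSITIVE = "FM Security Management"  # users, roles and AAA services

# Built-in roles as this page describes them ("r" = read, "rw" = read and write).
BUILTIN_ROLES = {
    "fm_super_admin": {"All": "rw"},
    "fm_admin": {**{c: "rw" for c in CATEGORIES}, SENSITIVE: "r"},
    "fm_user": {"All": "r"},
}

def merge(into, category, access):
    """Record access for a category; write access wins over read."""
    if access == "rw" or category not in into:
        into[category] = access

def effective_access(role_names, roles):
    """Union of the categories granted by every role a user holds (assumed semantics)."""
    merged = {}
    for name in role_names:
        for category, access in roles[name].items():
            # "All" expands to every concrete category.
            for c in (CATEGORIES if category == "All" else [category]):
                merge(merged, c, access)
    return merged

def security_writers(assignments, roles):
    """Users whose combined roles allow changes in FM Security Management."""
    return sorted(user for user, names in assignments.items()
                  if effective_access(names, roles).get(SENSITIVE) == "rw")

# Constructed sample data: two custom roles and four hypothetical users.
ROLES = {
    **BUILTIN_ROLES,
    "Physical Devices Technician": {"Physical Device Infrastructure Management": "rw"},
    "AAA Operator": {SENSITIVE: "rw"},
}
ASSIGNMENTS = {
    "alice": ["fm_super_admin"],
    "bob": ["fm_admin"],
    "carol": ["Physical Devices Technician"],
    "dave": ["fm_user", "AAA Operator"],
}
```

With the sample data, `security_writers(ASSIGNMENTS, ROLES)` reports alice and dave: dave's read-only fm_user role is combined with a custom role that grants write access to the security category.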

Note:  GigaVUE-FM CLI has the following built-in role:

Admin
This role is essential for GigaVUE-FM upgrades. All GigaVUE-FM software comes with the default admin role. This role is also available on the UI.
Take care to not delete this role.

To create a role, do the following:

1.   On the right side of the top navigation bar, click .
2. On the left navigation pane, select Authentication > User Management > Roles.
3. Click Create. In the Wizard that appears, perform the following steps. Click Continue to progress forward and click Back to navigate backwards and change details.

Figure 275: Create Roles

a. Name Role:
Name: Name of the role
Description: Description for the role
b. Select Permissions: Select the required resources. Select the required read and write permissions for the resources selected.
c. Assign Users: You can either assign this role to the existing users or skip this step.
d. Review: You can review the role that you created in this step. Click Save to create the role.