Create Roles

This section describes the steps for creating roles and assigning user(s) to those roles.

GigaVUE‑FM has the following default roles:

■   fm_super_admin — Allows a user to do everything in Fabric Manager, including adding or modifying users and configuring all AAA settings in the RADIUS, TACACS+, and LDAP tabs. Can change password for all users.
■   fm_admin — Allows a user to do everything in Fabric Manager except add or modify users and change AAA settings. Can only change own password.
■   fm_user — Allows a user to view everything in Fabric Manager, including AAA settings, but cannot make any changes.

Note:  If you are a user with read-only access you will be restricted from performing any configurations on the screen. The menus and action buttons in the UI pages will be disabled appropriately.

Starting in software version 5.7, you can create custom user roles in addition to the default user roles in GigaVUE‑FM. Access control for the default roles and the custom roles is based on the categories defined in GigaVUE‑FM. These categories provide the ability to limit user access to a set of managed inventories such as ports, maps, cluster, forward list and so on.

Refer to the following table for the various categories and the associated resources. Hover your mouse over the resource categories in the Roles page to view the description of the resources in detail.

Category

Associated Resources

All

Manages all resources

A user with fm_super_admin role has both read and write access to all the resource categories.
A user with fm_user role has only read access to all the resource categories.

Infrastructure Management

Manages resources such as devices, cards, ports and cloud resources. You can add or delete a device in GigaVUE‑FM, enable or disable cards, modify port parameters, set leaf-spine topology. The following resources belong to this category:

Physical resources: Chassis, slots, cards ports, port groups, port pairs, cluster config, nodes and so on
GigaVUE‑FM inventory resources: Nodes, node credentials
Device backup/restore: Device and cluster configuration
Device license configuration: Device/cluster licensing
Statistics: Device, port
Tags: Events, historical trending
Device security: SystemTime, System EventNotification, SystemLocalUser, System Security Policy Settings, AAA Authentication Settings,Device User Roles, LDAP Servers, RADIUS Servers, TACACS+ Servers
Device maintenance: Sys Dump, Syslog
Cloud Infrastructure resources: Cloud Connections, Cloud Proxy Server, Cloud Fabric Deployment, Cloud Configurations, Sys Dump, Syslog, Cloud licenses, Cloud Inventory.

Note:  Cloud APIs are also RBAC enabled.

 

Traffic Control Management

Manages inline resources, flow maps, GigaSMART applications, second level maps, map chains, map groups. The following resources belong to this category:

Infrastructure resources: IP interfaces, circuit tunnels, tunnel endpoints, tunnel load balancing endpoints, ARP entries
Intent Based Orchestration resources: Policies, rules
GigaSMART resources: GigaSMART, GSgroups, vPorts, Netflow exporters
Map resources: Fabric, fabric resources, flow maps, maps, map chains, map groups, map templates
Application intelligence resources: Application visibility, Metadata, application filter resources
Tag: Flow manipulation - Netflow operations, Statistics - device port
Active visibility
Inline resources: Inline networks, Inline network groups, Inline tools, Inline tool groups, Inline serial tools, Inline heartbeat profile
Cloud operation resources: Monitoring session, stats, map library, tunnel library, tools library, inclusion/exclusion maps.

Note:  Cloud APIs are also RBAC enabled.

FM Security Management

Ensures secure GigaVUE‑FM environment. Users in this category can manage user and roles, AAA services and other security operations.

System Management

Controls system administration activities of GigaVUE‑FM. User in this category are allowed to perform operations such as backup/restore of GigaVUE‑FM and devices, and upgrade of GigaVUE‑FM. The following GigaVUE‑FM resources belong to this category:

Backup/restore
Archive server
License
Storage management
Image repo config
Notification target/email

Forward list/CUPS Management

Manages the forward list configuration. The following resources belong to this category:

GTP forward list
SIP forward list

Third Party Orchestration

Used to deploy fabric components using external orchestrator.

Device Certificate Management

Manages device certificates.

Other Resource Management

Manages virtual and cloud resources

You can associate the custom user roles either to a single category or to a combination of categories based on which the users will have access to the resources. For example, you can create a ‘Physical Devices Technician’ role such that the user associated with this role can only access the resources that are part of the Physical Device Infrastructure Management.

Note:  A user with fm_admin role has both read and write access to all of the categories, but has read only access to the FM Security Management category.

To create a role

1.   On the left navigation pane, click and select Authentication> GigaVUE-FM User Management >Roles.
2. Click New Role.

3. In the New Role page, select or enter the following details:
  • Role Name: Name of the role.
  • Description: Description of the role.
  • Select Permission: In the Select Permission table, select the required permission for the various resource categories.
4. Click Apply to save the configuration.