Director RBAC for Device Groups
Hi Community,
What is the best way, using Director RBAC, to allow an operator read access plus write access only for device groups?
Use case scenario: NOC uses Concerto to manage SDWAN, but they need Director access to enable 2FA for device ZTP, which is done in a device group. For the rest in Director, they should be allowed read-only access.
Thanks
Comments
-
Hi @fun4net ,
Sure, this can be done. You can create a custom user role (or modify an existing one, if you already have it).
The key element would be to extend the "DEVICE_GROUP_MANAGEMENT" Privilege actions to "Update". As I've understood from your scenario, you don't want to allow them to create or delete Device Groups, only to modify them, so "Update" would be the minimal privilege extension.
This can be done in Director's Administration -> Director User Management -> Provider or Organization sections (depending on the scope of your NOC). Then switch to the "Custom User Roles" section and add or modify the NOC user role accordingly. If you create a new User Role, you would need to associate NOC users with it in your auth directory (whatever you use).
A comprehensive reference can be found here: https://docs.versa-networks.com/Management_and_Orchestration/Versa_Director/Configuration/Configure_AAA#Configure_RBAC
-
Thank you