Permissions

Jonathan Stout edited this page Mar 21, 2018 · 15 revisions

Commands

The user_type attribute on the command tag may be used to limit or expand the scope of command permissions.

  • admin (default) - Only members of the admin workgroup may execute the command.
  • owner - Command is limited to workgroups that own the interface or created the VLAN.
  • user - Command may be run by anyone.

<command method_name='show_interface' name='show interface' type='show' user_type='owner' interaction='cli'>
  <cmd>show interface [% port %]</cmd>
</command>

VLANs

Admins

Members of the admin workgroup may add, modify, or view all VLANs on all interfaces.

Interface owners

A user may add, modify, or view all VLANs on interfaces owned by any of its workgroups.

An interface owner can provision a VLAN in another workgroup's VLAN range. When this happens, the VLAN is visible to both workgroups but may be modified only by the interface owner.

Other users

Users who are not admins or interface (port) owners are restricted to viewing the VLANs they have been granted access to.
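
The command and VLAN rules above, written out as a small policy check. This is an added example, not the project's code: the function names, the workgroup names (`admin`, `wg-a`, `wg-b`), the choice to let admins pass `owner` checks, and denying unrecognised `user_type` values are assumptions.

```python
import xml.etree.ElementTree as ET

ADMIN = "admin"  # assumed name of the admin workgroup

def command_allowed(command_xml, workgroups, interface_owner, vlan_creator=None):
    """Evaluate the user_type attribute of a <command> tag for one caller."""
    user_type = ET.fromstring(command_xml).get("user_type", "admin")  # admin is the default
    groups = set(workgroups)
    if user_type == "user":
        return True                       # anyone may run the command
    if ADMIN in groups:
        return True                       # assumption: admins also pass owner checks
    if user_type == "owner":
        return interface_owner in groups or vlan_creator in groups
    return False                          # admin-only or unrecognised value: deny

def vlan_rights(workgroups, interface_owner, range_owner, granted=False):
    """Rights on one VLAN. interface_owner owns the port; range_owner is the
    workgroup whose VLAN range contains the VLAN (hypothetical parameter names)."""
    groups = set(workgroups)
    if ADMIN in groups or interface_owner in groups:
        return {"add", "modify", "view"}
    if range_owner in groups or granted:
        return {"view"}                   # visible, but not modifiable
    return set()

# Constructed samples: the tag shown on this page, and one with no user_type.
SHOW_INTERFACE = """<command method_name='show_interface' name='show interface'
  type='show' user_type='owner' interaction='cli'>
  <cmd>show interface [% port %]</cmd>
</command>"""
NO_USER_TYPE = "<command name='example' type='show'><cmd>example</cmd></command>"

if __name__ == "__main__":
    print(command_allowed(SHOW_INTERFACE, ["wg-a"], interface_owner="wg-a"))
    print(command_allowed(NO_USER_TYPE, ["wg-a"], interface_owner="wg-a"))
    # wg-a owns the port and provisions a VLAN inside wg-b's range.
    print(vlan_rights(["wg-a"], "wg-a", "wg-b"), vlan_rights(["wg-b"], "wg-a", "wg-b"))
```

A command tag with no `user_type` falls back to admin-only, so omitting the attribute is the restrictive case rather than the permissive one.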
