-
Notifications
You must be signed in to change notification settings - Fork 4
Permissions
The user_type
attribute on the command tag may be used to limit or expand the scope of command permissions.
-
admin
(default) - Only members of the admin workgroup may execute the command. -
owner
- Command is limited to workgroups who own the interface or created the VLAN. -
user
- Command may be run by anyone.
<command method_name='show_interface' name='show interface' type='show' user_type='owner' interaction='cli'>
<cmd>show interface [% port %]</cmd>
</command>
Modifying a VLAN requires the workgroup have VLAN access on each interface that is added or removed. The admin workgroup may modify the VLAN to include any interfaces.
Deletion of VLANs is restricted to the admin workgroup and the workgroup that created the VLAN.
Members of the admin workgroup may add, modify, or delete all VLANs on all interfaces.
As an administrator, it's possible to provision a VLAN in another workgroup's VLAN range. When this happens the VLAN may be modified by both workgroup and administrator, however only administrators may delete it.
A workgroup may add, modify, or delete all VLANs on interfaces it owns. In order to delete an entire VLAN, the workgroup must own all associated interfaces.
As an interface owner, it's possible to provision a VLAN in another workgroup's VLAN range. When this happens the VLAN may be modified by both workgroup and owner.
Users that are not admins or port owners will be restricted to creating or modifying VLANs within the ranges they have been granted access.