Skip to content

Permissions

Jonathan Stout edited this page Mar 23, 2018 · 15 revisions

Commands

The user_type attribute on the command tag may be used to limit or expand the scope of command permissions.

  • admin (default) - Only members of the admin workgroup may execute the command.
  • owner - Command is limited to workgroups who own the interface or created the VLAN.
  • user - Command may be run by anyone.
<command method_name='show_interface' name='show interface' type='show' user_type='owner' interaction='cli'>
  <cmd>show interface [% port %]</cmd>
</command>

VLANs

The first workgroup to provision a VLAN becomes the owner of that VLAN until it's deleted. Adding a VLAN requires the workgroup have VLAN access on each interface that is added. Modifying a VLAN requires the workgroup have VLAN access on each interface that is added or removed. Deletion of VLANs is restricted to the workgroup that created the VLAN.

Admins

Members of the admin workgroup may add, delete, modify, and view all VLANs on all interfaces.

As an administrator, it's possible to provision a VLAN in another workgroup's VLAN range. When this happens the VLAN may be modified by both workgroup and administrator, however only administrators may delete it.

Interface owners

A workgroup may view all VLANs on interfaces it owns.

Other users

Users that are not admins or port owners will be restricted to creating or modifying VLANs within the ranges they have been granted access.

Clone this wiki locally