-
Notifications
You must be signed in to change notification settings - Fork 4
Permissions
The user_type
attribute on the command tag may be used to limit or expand the scope of command permissions.
-
admin
(default) - Only members of the admin workgroup may execute the command. -
owner
- Command is limited to workgroups who own the interface or created the VLAN. -
user
- Command may be run by anyone.
<command method_name='show_interface' name='show interface' type='show' user_type='owner' interaction='cli'>
<cmd>show interface [% port %]</cmd>
</command>
Members of the admin workgroup may add, modify, or view all VLANs on all interfaces.
As an administrator it's possible to provision a VLAN in another workgroup's VLAN range or on an interface owned by another workgroup. When this happens the VLAN may be modified by both workgroup and administrator.
A user may add, modify, or view all VLANs on interfaces owned by any of its workgroups.
As an interface owner it's possible to provision a VLAN in another workgroup's VLAN range. When this happens the VLAN may be modified by both workgroup and owner.
Users that are not admins or port owners will be restricted to viewing VLANs they have been granted access to.