Skip to content

Permissions

Jonathan Stout edited this page Mar 22, 2018 · 15 revisions

Commands

The user_type attribute on the command tag may be used to limit or expand the scope of command permissions.

  • admin (default) - Only members of the admin workgroup may execute the command.
  • owner - Command is limited to workgroups who own the interface or created the VLAN.
  • user - Command may be run by anyone.
<command method_name='show_interface' name='show interface' type='show' user_type='owner' interaction='cli'>
  <cmd>show interface [% port %]</cmd>
</command>

VLANs

Deletion of VLANs is restricted to the admin workgroup and the workgroup that created the VLAN.

Admins

Members of the admin workgroup may add, modify, or delete all VLANs on all interfaces.

As an administrator, it's possible to provision a VLAN in another workgroup's VLAN range. When this happens the VLAN may be modified by both workgroup and administrator.

Interface owners

A workgroup may add, modify, or delete all VLANs on interfaces it owns. In order to delete an entire VLAN, the workgroup must own all associated interfaces.

As an interface owner, it's possible to provision a VLAN in another workgroup's VLAN range. When this happens the VLAN may be modified by both workgroup and owner.

Other users

Users that are not admins or port owners will be restricted to creating or modifying VLANs within the ranges they have been granted access.

Clone this wiki locally