Content Comparison

After you deploy AmpCon-Campus, you can manage user access so that users are assigned with appropriate permissions.

Note: Only users with SuperAdmin permissions have access to the “User Management” page. Adding, editing, or deleting users, login restrictions, and TACACS+ configuration are only available to SuperAdmin users.

Role-Based Access Control

Role-Based Access Control (RBAC) is used to permit individual users to perform specific actions and get visibility to an access scope. Each user can be assigned to a specific role with associated permissions.

In AmpCon-Campus , supports the following four types of user roles are supported. The permission levels are as follows: SuperAdmin > Admin > Operator > Readonly.

• SuperAdmin

  • Provides access to all AmpCon-Campus functions

  • The only role that can manage users and groups

• Admin

  • Provides access to almost all AmpCon-Campus functions

  • Can’t manage users and groups and users

  • Can’t access Switch model and System Config

• Operator

  • Provides access to most of AmpCon-Campus functions

  • Can’t manage users and groups and users

  • Can’t access Switch model and System Config

  • Can’t view and manage licenses and can’t view license logs

• Readonly

  • Views limited pages such as switchesDashboard, Switch, Topology, Config Files View, and alarmsAccesses Alarms

  • Provides access to CLI Configuration, Template Verify, and Config Snapshot Diff

Adding a Global User or a Group User

When you add a user, you need to select a user role for the user and specify the user type (a group user or a global user). A group user means that the user is a member of a specific group. A global user means that the user is not limited to a group.

Note: Only users with SuperAdmin permissions have access to the User Management section. Adding, editing, or deleting users, login restrictions, and TACACS+ configuration are only available to SuperAdmin users.

To add a user, follow these steps:

1. In the AmpCon-Campus UI, click System > User management.

2. Click Add User, and enter the following information:

   • User Name: The user nameusername.

   • User Password: The password of the user. The password needs to be a combination of uppercase letters, lowercase letters, numbers, and special symbols. The character count needs to be greater than 10.

   • Confirm Password: The password of the user.

   • User Role: Select SuperAdmin, Admin, Operator, or Readonly. The permissions of the role is granted to the user.

   • User Type: Select Global or Group.

   • Email: The email of the user.

3. If you select Group as the user type, select a group name from the Group Name drop-down list.

To assign the user to a new group that hasn’t been created, create a group as described in Managing Groups.

...

3. Click OK.

Deleting a User

To delete a user, follow these steps:

1. In the AmpCon-Campus UI, click System > User management.

2. On the ”User Management” page, locate a user on the “User management” page, and then click Delete.

...

Editing a User

...

1. In the AmpCon-Campus UI, click System > User management.

2. On the “User Management” page, locate a user, and then click Edit.

3. Modify user configurations information as you need.

...

4. Click OK.

...

Setting Login Restrictions

...

1. In the AmpCon-Campus UI, click System > User management.

2. On the ”User Management” page, locate a user, and then click Lock.

3. In the pop-up window, click Yes to confirm the lock operation.

...

User

...

Permissions on Functions or Menu Pages

...

First-level menu

...

Second-level menu

...

Third-level menu

...

Fourth-level menu

...

SuperAdmin

...

Admin

...

Operator

...

Readonly

...

Dashboard

...

Global View

...

√

...

√

...

√

...

√

...

Switch View

...

√

...

√

...

√

...

√

...

Telemetry Dashboard

...

√

...

√

...

√

...

√

...

Resource

...

Upgrade Management

...

√

...

√

...

√

...

×

...

Authority Management

...

Device License Management

...

License Audit

...

√

...

√

...

√

...

×

...

License Action

...

√

...

√

...

√

...

×

...

Local License

...

√

...

√

...

√

...

×

...

Group Management

...

√

...

×

...

×

...

×

...

Fabric Management

...

√

...

√

...

√

...

×

...

Service

...

Switch

...

Switch

...

√

...

√

...

√

...

√

...

Global Configuration

...

√

...

√

...

√

...

×

...

Switch Configuration

...

√

...

√

...

√

...

×

...

Config Files View

...

√

...

√

...

√

...

√

...

Switch Model

...

√

...

×

...

×

...

×

...

System Config

...

√

...

×

...

×

...

×

...

Config Template

...

New Template

...

√

...

√

...

√

...

×

...

Template List

...

√

...

√

...

√

...

×

...

Push Config

...

√

...

√

...

√

...

×

...

Template Verify

...

√

...

√

...

√

...

√

...

Config Snapshot Diff

...

√

...

√

...

√

...

√

...

Config Backup

...

√

...

√

...

√

...

×

...

Monitor

...

Alarm

...

√

...

√

...

√

...

√

...

Maintain

...

Automation

...

Playbooks

...

√

...

√

...

√

...

×

...

Other Devices

...

√

...

√

...

√

...

×

...

Ansible Jobs List

...

√

...

√

...

√

...

×

...

Schedule

...

√

...

√

...

√

...

×

...

System Backup

...

√

...

√

...

√

...

×

...

CLI Configuration

...

√

...

√

...

√

...

√

...

System

...

User Management

...

√

...

×

...

×

...

×

...

Software Managenment

...

License View

...

√

...

√

...

×

...

×

...

License Management

...

√

...

√

...

×

...

×

...

License Log

...

√

...

√

...

×

...

×

...

Topo

...

Topology

...

√

...

√

...

√

...

√

User Permission Comparison Functions

...

Functional module

...

Second-level section

...

SuperAdmin

...

Admin

...

Operator

...

Readonly

...

Upgrade Management

...

√

...

√

...

√

...

×

...

Permission Management

...

Device License Management

...

√

...

√

...

√

...

×

...

Group Management

...

√

...

×

...

×

...

×

...

Group Management

...

√

...

√

...

√

...

×

...

Switch Operations Management

...

√

...

√

...

√

×

...

Monitoring and Alarm Management

...

√

...

√

...

√

...

√

...

Automation

...

√

...

√

...

√

...

×

...

CLI Configuration

...

√

...

√

...

√

...

√

...

Database Management

...

√

...

√

...

√

...

×

...

System Backup Management

...

√

...

√

...

√

...

×

...

User Management

...

√

...

×

...

×

...

×

...

Software License Management

...

√

...

√

...

×

...

×

...

Topology Management

...

√

...

√

...

√

...

For functions or memu pages in the AmpCon-Campus UI, different user roles have different permissions. For more information, see the User Permission Tables topic.

Configuring TACACS+ Authentication and Authorization

In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access. For more information, see the Configuring TACACS+ Authentication and Authorization topic.