After you deploy AmpCon-Campus, you can manage user access so that users are assigned with appropriate permissions.
Role-Based Access Control
Role-Based Access Control (RBAC) is used to permit individual users to perform specific actions and get visibility to an access scope. Each user can be assigned to a specific role with associated permissions.
In AmpCon-Campus, the following four types of user roles are supported. The permission levels are as follows: SuperAdmin > Admin > Operator > Readonly.
SuperAdmin
Provides access to all AmpCon-Campus functions
The only role that can manage users
Admin
Provides access to almost all AmpCon-Campus functions
Can’t manage groups and users
Can’t access Switch model and System Config
Operator
Provides access to most of AmpCon-Campus functions
Can’t manage groups and users
Can’t access Switch model and System Config
Can’t view and manage licenses and can’t view license logs
Readonly
Views limited pages such as switches, Topology, Config Files, and alarms
Accesses Template Verify and Config Snapshot Diff
Adding a Global User or a Group User
When you add a user, you need to select a user role for the user and specify the user type (a group user or a global user). A group user means that the user is a member of a specific group. A global user means that the user is not limited to a group.
Note: Only users with SuperAdmin permissions have access to the User Management section. Adding, editing, or deleting users, login restrictions, and TACACS+ configuration are only available to SuperAdmin users.
To add a user, follow these steps:
In the AmpCon-Campus UI, click System > User management.
Click Add User, and enter the following information:
User Name: The user name
User Password: The password of the user
Confirm Password: The password of the user
User Role: Select SuperAdmin, Admin, Operator, or Readonly. The permissions of the role is granted to the user.
User Type: Select Global or Group.
Email: The email of the user
Click OK.
Deleting a User
To delete a user, follow these steps:
In the AmpCon-Campus UI, click System > User management.
On the ”User Management” page, locate a user on the “User management” page, and then click Delete.
Editing a User
To edit a user, follow these steps:
In the AmpCon-Campus UI, click System > User management.
On the “User Management” page, locate a user, and click Edit.
Modify user configurations as you need.
Click OK.
Setting Login Restrictions
To lock a user, follow these steps:
In the AmpCon-Campus UI, click System > User management.
On the ”User Management” page, locate a user, and click Lock.
In the pop-up window, click Yes to confirm the lock operation.
User Permission on Menu Pages
First-level menu | Second-level menu | Third-level menu | Fourth-level menu | SuperAdmin | Admin | Operator | Readonly |
Dashboard | Global View | √ | √ | √ | √ | ||
Switch View | √ | √ | √ | √ | |||
Telemetry Dashboard | √ | √ | √ | √ | |||
Resource | Upgrade Management | √ | √ | √ | × | ||
Authority Management | Device License Management | License Audit | √ | √ | √ | × | |
License Action | √ | √ | √ | × | |||
Local License | √ | √ | √ | × | |||
Group Management | √ | × | × | × | |||
Fabric Management | √ | √ | √ | × | |||
Service | Switch | Switch | √ | √ | √ | √ | |
Global Configuration | √ | √ | √ | × | |||
Switch Configuration | √ | √ | √ | × | |||
Config Files View | √ | √ | √ | √ | |||
Switch Model | √ | × | × | × | |||
System Config | √ | × | × | × | |||
Config Template | New Template | √ | √ | √ | × | ||
Template List | √ | √ | √ | × | |||
Push Config | √ | √ | √ | × | |||
Template Verify | √ | √ | √ | √ | |||
Config Snapshot Diff | √ | √ | √ | √ | |||
Config Backup | √ | √ | √ | × | |||
Monitor | Alarm | √ | √ | √ | √ | ||
Maintain | Automation | Playbooks | √ | √ | √ | × | |
Other Devices | √ | √ | √ | × | |||
Ansible Jobs List | √ | √ | √ | × | |||
Schedule | √ | √ | √ | × | |||
System Backup | √ | √ | √ | × | |||
CLI Configuration | √ | √ | √ | √ | |||
System | User Management | √ | × | × | × | ||
Software Managenment | License View | √ | √ | × | × | ||
License Management | √ | √ | × | × | |||
License Log | √ | √ | × | × | |||
Topo | Topology | √ | √ | √ | √ |
User Permission on Functions
Functional module | Second-level section | SuperAdmin | Admin | Operator | Readonly |
Upgrade Management | √ | √ | √ | × | |
Permission Management | Device License Management | √ | √ | √ | × |
Group Management | √ | × | × | × | |
Group Management | √ | √ | √ | × | |
Switch Operations Management | √ | √ | √ | × Note: The Readonly role can only view switches, switch configurations, and configuration snapshot comparisons. | |
Monitoring and Alarm Management | √ | √ | √ | √ | |
Automation | √ | √ | √ | × | |
CLI Configuration | √ | √ | √ | √ | |
Database Management | √ | √ | √ | × | |
System Backup Management | √ | √ | √ | × | |
User Management | √ | × | × | × | |
Software License Management | √ | √ | × | × | |
Topology Management | √ | √ | √ | √ |