Configure Role-based Access Control
RBAC users for AmpCon
AmpCon offers role-based access control for various workflows. Roles with the following responsibilities are supported:
- Super User
- Provides access to all AmpCon functions
- Only role that can create new users
- Admin
- Provides access to all AmpCon functions, including creating and maintaining templates
- Operator
- Cannot change templates or AmpCon global settings
- Can perform all switch-related config/deployment/lifecycle/SDN functions
- Read Only
- Access to all display functions, including switch lists, alarms, and configs
- The following operations are not allowed with Read-Only access:
- Connect via SSH to switch, or change any AmpCon settings/configurations
- Run any Lifecycle functions except display and Map View
- Create/change Configs or Templates
- Run License Audits
You can create users for performing AmpCon functions using the GUI and assign each user a specific role that provides the least privilege necessary to their job.
The following example shows the necessary steps for creating a Super User role. After you log into the GUI, navigate to Users -> Manage Users and click Add User as shown below:
Create a new Super Admin user as shown below and click Create:
Notice
From v1.12.1, we improve the user password security policy.
It required the password length >= 10, include uppercase + lowercase chars and special chars (^=+&$#@! %)
User login lock function
From v1.12.1, AmpCon support to manually lock user login or automatically lock user login if user failed to login 3 time in 5min with wrong passwords.
Notice
Pay attention that only user level < "SuperAdmin" can be locked.
If a "SuperAdmin" user login with wrong password for 3 times in 5min, AmpCon will automatically locked this user login for 5min.
If a user which level is "Admin"/"Operator"/"ReadOnly", it requires a "SuperAdmin" user to manually unlock the user login in "Users" > "Manage Users".
Manually lock / unlock user
In Users > Manage Users, SuperAdmin user can check the lock / unlock status in right side table.
User can click "Unlock" button in right side "Operation" column if a user is locked.
User can click Lock" button in right side "Operation" column if user want to lock the user login for this user.
Copyright © 2024 Pica8 Inc. All Rights Reserved.