Configure Role-based Access Control

RBAC users for AmpCon

AmpCon offers role-based access control for various workflows. Roles with the following responsibilities are supported:

  • Super User
    • Provides access to all AmpCon functions
    • Only role that can create new users
  • Admin
    • Provides access to all AmpCon functions, including creating and maintaining templates
  • Operator
    • Cannot change templates or AmpCon global settings
    • Can perform all switch-related config/deployment/lifecycle/SDN functions
  • Read Only
    • Access to all display functions, including switch lists, alarms, and configs
    • The following operations are not allowed with Read-Only access:
      • Connect via SSH to switch, or change any AmpCon settings/configurations
      • Run any Lifecycle functions except display and Map View
      • Create/change Configs or Templates
      • Run License Audits


You can create users for performing AmpCon functions using the GUI and assign each user a specific role that provides the least privilege necessary to their job.

The following example shows the necessary steps for creating a Super User role. After you log into the GUI, navigate to Users -> Manage Users and click Add User as shown below:


 Create a new Super Admin user as shown below and click Create:


Notice

From v1.12.1, we improve the user password security policy.

It required the password length >= 10, include uppercase + lowercase chars and special chars (^=+&$#@! %)


User login lock function

From v1.12.1, AmpCon support to manually lock user login or automatically lock user login if user failed to login 3 time in 5min with wrong passwords.

Notice

Pay attention that only user level < "SuperAdmin" can be locked.

If a "SuperAdmin" user login with wrong password for 3 times in 5min, AmpCon will automatically locked this user login for 5min.

If a user which level is  "Admin"/"Operator"/"ReadOnly", it requires a "SuperAdmin" user to manually unlock the user login in "Users" > "Manage Users".

Manually lock / unlock user 

In Users > Manage Users, SuperAdmin user can check the lock / unlock status in right side table.

User can click "Unlock" button in right side "Operation" column if a user is locked.

User can click Lock" button in right side "Operation" column if user want to lock the user login for this user.

Copyright © 2024 Pica8 Inc. All Rights Reserved.