The Users and User Groups Role Management Screen displays all currently-configured User Roles. The screen is used to create, edit, or delete User Roles. The User Role feature enables you to specify user rights for specific OmniVista applications and devices. A User Role is associated with a User Group to define access for users assigned to the group. OmniVista Cirrus is shipped with three pre-configured User Roles:
Note: Specific rights for each OmniVista Cirrus application for the above system-defined Roles can be viewed by clicking on a Role in the Existing Roles Table to view the Details window.
Click on the Create icon to launch the Role Management Wizard and configure and create a User Role. Complete the fields as described below. Click on the Next button to move to the next window. When you are finished, click on the Create button.
Complete the fields below to specify which Topology maps a user can access.
Select the OmniVista application access for the user. Only those applications you configure (either Read or Write access) will be available to the user. By default, Read access is pre-selected for Topology (if map access is configured), System Preferences and Users and User Groups. Read/Write access is pre-selected for User Preferences and Report.
Specify the VLANs and or VXLANs the user can access for VLAN/VXLAN configuration. The user will be able to perform VLAN/VXAN operations on these VLANs/VXLANs for devices specified in the Role Info and Map Access window above. This parameter is optional.
Review the configuration. Click on the Back button to make any changes.
Click on a User in the Existing Users Table and click on the Edit icon. Edit any fields as necessary and/or edit the User Groups at the bottom of the screen to re-assign the User to a different User Group. When you are done, click Apply. You will be returned to the User Management Screen. Note that you cannot edit the User Login field. Note that you cannot edit a system-defined User Role.
Select a User(s) in the Existing Users Table, click on the Delete icon, then click OK. Note that you cannot delete a system-defined User Role.
The Existing Roles Table displays all configured Users. Click on a User Role in the table for more details.
Basically, the User Role feature allows you to limit users to specific network devices and OmniVista applications. For example, OmniVista users with Admin rights can view and manage every device in the network, and have read/write access for all applications. With the User Role feature, you can limit the devices a user can manage and the applications the user can configure by creating a User Role with access to a specific Topology map and write access to specific applications.
To utilize the User Role feature, you create a User Role with access to a specific Topology map and read/write access to a specific application(s). You then create a User Group and associate that group with that User Role. And finally, you create a user and associate it with that User Group. The user would then have full administrative rights to the specified applications for all devices in the specified map.
For example, you could create a User Role (User Role 1) with access to devices in Map 1 and read/write access to the Application Visibility application. A user with this role would be able to access all devices in Map 1 and configure Application Visibility on those devices. And since a user can have multiple roles, you could create a second User Role (User Role 2) with access to Map 2 and read/write access to the CLI Scripting and assign it to the same user. That user could now configure Application Visibility on devices in Map 1, and CLI Scripting on devices in Map 2.
The table below provides some use case samples for assigning multiple User Roles to a User.
Scenario |
User Role 1 |
User Role 2 |
User Role 3 |
Device/Application Access |
Using Topology Maps to limit access to devices |
Map 1 |
Map 2 |
Map 3 |
Read Access for devices in Maps 1 and 3. Write Access for devices in Map 2 |
Using a combination of Topology Maps and an application, such as Application Visibility. |
Map 1 |
Map 2 |
Map 3 |
Read Access for Application Visibility for devices in Maps 1 and 2. Write Access for Application Visibility for devices in Map 3. |
Using a combination of Topology Maps and an Object (VLAN) |
Map 1 |
Map 2 |
Map 3 |
Read Access for Application Visibility for devices in Maps 1 and 2; and VLAN configuration allowed on those devices in VLANs 10 and 20. Write Access for Application Visibility for devices in Maps 1 and 2; and VLAN configuration allowed on those devices in VLAN 30. |