Create a new group

  1. Select SETTINGS > USER MANAGEMENT > Groups and Roles. Select the User Groups tab.

  2. Click + Add User Group. The New Group page opens.

  3. Click Enabled to enable group.

  4. Enter a Group Name and Group Description.
    Note:Group Name is case sensitive. It can contain numbers and some alphanumeric characters. When using remote authentication, characters from a user's remote groups that are not allowed on Lighthouse are converted to underscores during authentication. Local groups can be created that take that into account, allowing the authentication to continue.

  5. If desired, you can select a Linked Port Filter and Linked Smart Group to associate with this group.
    The Linked Port Filter can be used to restrict groups and users to only view ports that are explicitly tagged for their use.

  1. The CLI Permissions section displays Command Line Interface(CLI) permissions based on the roles you have assigned to this group. To change the permissions, you can edit or add new roles with the desired CLI Permissions. See Create a new Role.

  2. Add one or more roles by clicking Add Role and checking the desired roles.
    Each role has specific operation permissions associated with it and CLI (Command Line Interface) access levels for console shell, shell, and PM shell. Click view details to see the information for each group.

8. You can also control the new group’s permissions independently of the roles you add to your group. Scroll to the bottom of the page to specify Full Access, Read Only, or Deny. Click to the right of each Operation row to see all options.

Note:See Available Operations Permissions for a list of all options.

9. Click Save Group.

Available Roles:

  • Lighthouse Administrator: Members of groups with this role have Full access to all nodes and managed devices.

  • NodeAdmin: Has no shell access. Has Read Only access to Netops Modules, all Nodes & Configuration Operations, Cell Health, Smart Groups, Tags, and Jobs.

  • NodeUser: Has PM Shell access. Has Read Only access to Nodes & Devices (Base) and Tags.

  • Lighthouse Reporter: Has no shell access. Has Read Only access to all Operations.

You can also create a custom role that allows you to modify CLI Permissions and Operations Permissions by clickingCreate a new Role on the New Group page.

A new role can also be based on an existing role with the Use as template link on the upper right of a role’s detail page.

Available Operations Permissions:

  • Logging
    Port Logging – Manage port logging settings.

    Syslog – Manage system syslog settings.

  • Netops
    Netops Modules

  • Nodes & Configuration

    Nodes & Devices (Base) – Access to dashboard, nodes, managed devices, node Enrollment, console gateway, and Node web UI.
    Nodes & Devices (Advanced) – Access to jobs, pending nodes, smart groups, and managed device filters.

    Nodes Firmware Management
    Template Push – Manage templates and push templates to nodes.

  • Service Settings
    LHVPN
    Cell Health
    Console Gateway
    Date & Time
    HTTPS
    Netops – Install Netops modules and manage local Netops repositories.
    Node Backup


    Session Settings. Check if this will cause any conflicts with Multiple instance permissions.
    SNMP
    SSH
    Syslog

  • Smartgroups & Tags
    Bundles – Manage and use bundles.
    Smart Groups – Manage and use smart groups.
    Tags – Manage and use tags.

  • System
    Admin & Licensing – Manage access settings for Lighthouse and license settings.
    Backup & Restore
    Jobs
    Multi-instance – Manage multi-instance settings and control state of instances.
    Network Interfaces – Manage network interface settings.
    System Upgrade & Reset

  • Users & Permissions
    Authentication – Manage authentication settings including methods, policies, and restrictions.
    Groups & Roles – Create and edit groups and roles. May not assign them to users.
    Users – View, manage, create, and delete users.

Note:When a new group is given the Lighthouse Administrator role, members of the group have access to the sudo command. Groups or users with the Lighthouse Administrator role are added to the admin group, which is in the list of allowed sudoers. On first boot of a new Lighthouse instance, the root user is the only member of the admin group and the only user with sudo access.