Create a User Group

  1. In the Settings Pane, select > USERS & ACCOUNTS > Groups and Roles
    The GROUPS AND ROLES page displays with the USER GROUPS tab selected.

  2. Click Add User Group to the right of the page filter control.
    The NEW GROUP page displays.

  3. Select Enabled to enable group.

  4. Enter a group Name and Description.

    Note:  Group Name is case sensitive. It can contain numbers and some alphanumeric characters. When using remote authentication, characters from a user's remote groups that are not allowed on Lighthouse are converted to underscores during authentication. Local groups can be created that take that into account, allowing the authentication to continue.

  5. Under ACCESS CONTROLS:

    1. Select a filter from the By Node Filter control to restrict access to nodes that match the selected filter. If you do not select a filter, users can access all nodes.
    2. Select a filter from the By Port Filter control to restrict access to ports that match the selected filter. If you do not select a filter, users can access all ports.
    3. Select a filter from the By Resource Filter control to restrict access to resources that match the selected filter. If you do not select a filter, users can access all resources.

    Note: Any filters selected here when you create the user group, display under ACCESS CONTROL when you view the existing user group later.

  6. Under ROLES, manage the roles assigned to the group:

    • To add a role:

      1. Click Add Role.
        The ADD ROLES dialog displays.
      2. Select the check boxes for the roles you want to add.
        Click the NAME of each role to view the details of the role and the OPERATION PERMISSIONS associated with the role. Click < Back to return to the ADD ROLES dialog.
      3. Click Add.

    • To remove a role, click the icon for the role.
      The role is removed.

    • Each role has specific operation permissions associated with it and CLI (Command Line Interface) access levels for Console Shell Access Level, Shell Access, and PM Shell Access.
    • Click View details to see the information for each group

  7. Review the PERMISSIONS SUMMARY section.
    This section displays how CLI permissions are derived based on the selected roles.

  8. Review the OPERATION PERMISSIONS section.
    This section displays how operation permissions are derived based on the selected roles.

  9. Click Apply.

Available Roles

Role Description
Lighthouse Administrator

Members of groups with this role have Full access to all nodes resources. The following applies to the group filters:

  • The filters are set to All Nodes and Port Filter set to All Ports. This cannot be changed.
  • Conversely if a group’s node filter is All Nodes and Port Filter is All Ports you can not set the group's role Lighthouse Administrator.

Note:  When a new group is given the Lighthouse Administrator role, members of the group have access to the sudo command. Groups or users with the Lighthouse Administrator role are added to the admin group, which is in the list of allowed sudoers. On first boot of a new Lighthouse instance, the root user is the only member of the admin group and the only user with sudo access.
NodeAdmin Has no shell access. Has Read Only access to Netops modules, all Nodes & Configuration Operations, Cell Health, Node Filters, Tags, and Jobs
NodeUser Has PM Shell access. Has Read Only access to Nodes & Devices (Base) and Tags.
Lighthouse Reporter Has no shell access. Has Read Only access to all Operations.