Manage Roles

A user is added to a user group to which one or more roles are assigned. Roles determine the user's level of CLI permissions and the set of features the user can access.

CLI Permissions Reference

Permission Options Description
Console Shell Access Level Admin | Standard | Disabled Ability to connect to nodes' command lines via Lighthouse's SSH.

Standard allows access to the node’s console with the same username as the Lighthouse user, if the user has an existing user account of the same name on the node. The user is asked for the password of their account on the node while connecting.

Admin accesses the node’s console as the node’s root user. Lighthouse authenticates the connection to the node using its own SSH key, so the user does not have to enter a password.
Shell Access Enabled | Disabled Ability to access the Lighthouse command line as an administrator.
PM Shell Access Enabled | Disabled Ability to connect to serial ports via SSH.

Operation Permissions Reference

Feature Set Feature Description
Actions Events Ability to enable or disable whether events are used to generate notifications.
  Subscriptions Ability to manage third-party access to events.
Logging Port Logging Currently allows access to delete port logs through the API. Other port logging functionality is currently available through the CLI on Lighthouse. Any additional API port logging functionality will be accessible via this permission.
  Syslog Allows managing the system syslog settings through the /system/logging endpoint; this functionality is currently not available via the UI. A separate permission (Services > Syslog) allows the user to set up remote syslog servers for Lighthouse to send logs to.
Netops Netops Modules Allows configuring Netops modules. This includes the ability to use each module, set each module to always deploy, and redeploy modules. Installing and updating the modules is handled under the Services > NetOps permission.
Advanced Features Smart Management Fabric Allows enabling Smart Management Fabric on Lighthouse and setting the internal area ID.

Enabling this permission requires “Multiple Instance”.

Enabling Smart Management Fabric on the nodes requires the Nodes and Configuration > Template Push permission.

Configuring the Smart Management Fabric Network Range on the Lighthouse VPN requires “Full Access” on Services > LHVPN.
  Connected Resource Gateway Allows managing resources through Connected Resource Gateway. To read or change tags on resources, you require the appropriate level on Tags. To read or change resource filters, you require the appropriate level on Filters.
Nodes and Configuration Nodes and Devices (Base) Access to dashboard, nodes, ports, node enrollment and node web UI.

Read Only will allow you to view nodes and ports, make searches for ports, and view node and port filters.

Full Access will allow you to perform Lighthouse-driven node enrollments and approve nodes that are in a pending state. You can also unenroll nodes.
  Nodes and Devices (Advanced) Extends Nodes and Devices (Base) permissions.

Read Only allows access to cell health information, and node connection information.

Full Access allows for changing the subscription associated with a node.
  Nodes and Firmware Management Ability to manage node firmware uploads and schedule node upgrades.
  Template Push Ability to push templates to nodes and manage templates.
Service Settings LHVPN  
  Cell Health  
  Console Gateway  
  Custom Login Message Access to set the custom login message:
  • Read-Only allows the user to see the CUSTOM LOGIN MESSAGE tab, but they cannot add, update, delete, enable, or disable the custom login message.
  • Full Access allows the user to add, update, delete, enable, or disable the custom login message.
By default, the Lighthouse Admin role receives Full Access and the Reporter role receives Read-Only access.
When a custom login message is enabled, it is visible to all visitors to the Lighthouse login page prior to logging in.
  Date & Time  
  HTTPS  
  Netops Ability to install Netops modules and modify local Netops repositories.
  Node Backup  
  Session Settings Access to set idle timeouts for the Web UI and CLI sessions and enable or disable the alternate API port status:
  • Read-Only allows the user to see the relevant settings, but they cannot make changes to them.
  • Full Access allows the user to update the relevant settings.
By default, the Lighthouse Admin role receives Full Access and the Reporter role receives Read-Only access.
  SNMP  
  SSH  
  Syslog  
Filters and Tags Bundles Ability to manage bundles.
  Filters Allows for the management and use of filters.
  Tags Allows for the management and use of tags.
System Admin and Subscriptions Ability to manage access settings for Lighthouse and manage subscription details.
  Backup and Restore  
  Jobs  
  Multi-instance Ability to manage multi-instance settings and control the state of instances.
  Network Settings Ability to manage the settings on the NETWORK SETTINGS page:
  • Read-Only allows the user to view the tabs for the primary and secondary Lighthouses but they cannot edit the content.
  • Full Access allows the user to add, update, and delete network connections and network interface settings, as well as edit the hostname, direct access port configuration, and external network addresses.
By default, the Lighthouse Admin role receives Full Access and the Reporter role receives Read-Only access.
  System Upgrade and Reset  
User and Permissions Authentication Ability to manage authentication settings including methods of authentication, policy and restrictions.
  Group and Roles Ability to create and edit roles and groups, but not the ability to assign them to users.
  Users Ability to view and manage users, including creation and removal of users.