| Actions |
Events |
Ability to enable or disable if events are used to generate notifications. |
| |
Subscriptions |
Ability to manage third-party access to events. |
| Logging |
Port Logging |
Currently allows access to delete port logs through the API. Other port logging functionality is currently available through the CLI on Lighthouse. Any additional API port logging functionality will be accessible via this permission. |
| |
Syslog |
Allows managing the system syslog settings through the /system/logging endpoint, currently this functionality is not available via the UI. There is another permission (Services > Syslog) which allows the user to setup remote syslog servers for Lighthouse to send logs to. |
| Netops |
Netops Modules |
Allows configuring Netops modules, this includes the ability to use each module, set each module to always deploy, and redeploy modules. Installing and updating the modules is handled under the Services > NetOps permission. |
| Advanced Features |
Smart Management Fabric |
Allows enabling Smart Management Fabric on Lighthouse and setting the internal area ID.
Enabling this permission requires “Multiple Instance”.
Enabling Smart Management Fabric on the nodes requires the Nodes and Configuration > Template Push permission.
Configuring the Smart Management Fabric Network Range on the Lighthouse VPN, requires “Full Access” on Services > LHVPN.
|
| |
Connected Resource Gateway |
Allows managing resources through Connected Resource Gateway. To read or change tags on resources, you require the appropriate level on Tags. To read or change resource filters, you require the appropriate level on Filters. |
| Nodes and Configuration |
Nodes and Devices (Base) |
Access to dashboard, nodes, ports, node enrollment and node web UI.
Read Only will allow you to view nodes and ports, make searches for ports, and view node and port filters.
Full Access will allow you to do Lighthouse driven node enrollments, and approve nodes that are in a pending state. You can also unenroll nodes. |
| |
Nodes and Devices (Advanced) |
Extends Nodes and Devices (Base) permissions.
Read Only allows access to cell health information, and node connection information.
Full Access allows for changing the subscription associated with a node. |
| |
Nodes and Firmware Management |
Ability to manage node firmware uploads and schedule node upgrades. |
| |
Port Management
|
Ability to terminate active serial sessions.
Deny Users with deny on all of their ports are unable to see the sessions column in the ports table, and they cannot search user names in the free text search if they don’t have access to session information.
Read Only allows read-only viewing of session details, and the use of the free text search to find active sessions by username.
Full Access allows access to see and terminate sessions.
By default, the Lighthouse Admin role receives Full Access, the Node Admin and Reporter roles receive Read-Only, and the Node User receives Deny.
|
| |
Template Push |
Ability to push templates to nodes and manage templates. |
| Service Settings |
LHVPN |
|
| |
Cell Health |
|
| |
Console Gateway |
|
| |
Custom Login Message |
Access to set the custom login message:
- Read-Only allows the user to see the CUSTOM LOGIN MESSAGE tab, but they cannot add, update, delete, enable, or disable the custom login message.
- Full Access allows the user to add, update, delete, enable, or disable the custom login message.
By default, the Lighthouse Admin role receives Full Access and the Reporter role receives Read-Only access.
When a custom login message is enabled, it is visible to all visitors to the Lighthouse login page prior to logging in. |
| |
Date & Time |
|
| |
HTTPS |
|
| |
Netops |
Ability to install Netops modules and modify local Netops repositories. |
| |
Node Backup |
|
| |
Session Settings |
Access to set idle timeouts for the Web UI and CLI sessions and enable or disable the alternate API port status:
- Read-Only allows the user to see the relevant settings, but they cannot make changes to them.
- Full Access allows the user to update the relevant settings.
By default, the Lighthouse Admin role receives Full Access and the Reporter role receives Read-Only access.
|
| |
SNMP |
|
| |
SSH |
|
| |
Syslog |
|
| Filters and Tags |
Bundles |
Ability to manage bundles. |
| |
Filters |
Allows for the management and use of filters. |
| |
Tags |
Allows for the management and use of tags. |
| System
|
Admin and Subscriptions |
Ability to manage access settings for Lighthouse and manage subscription details. |
| |
Backup and Restore |
|
| |
Jobs |
|
| |
Multi-instance |
Ability to manage multi-instance settings and control state of instances |
| |
Network Settings |
Ability to manage the settings on the NETWORK SETTINGS page:
- Read-Only allows the user to view the tabs for the primary and secondary Lighthouses but they cannot edit the content.
- Full Access allows the user to add, update, delete network connections and network interface settings, as well as edit the hostname, direct access port configuration and external network addresses.
By default, the Lighthouse Admin role receives Full Access and the Reporter role receives Read-Only access.
|
| |
System Upgrade and Reset |
|
| User and Permissions |
Authentication |
Ability to manage authentication settings including methods of authentication, policy and restrictions. |
| |
Group and Roles |
Ability to create and edit roles and groups, but not the ability to assign them to users. |
| |
Users |
Ability to view and manage users, including creation and removal of users. |